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Microsoft put Visual Studio 2010's new interface on display at last 
month's VSLive conference in San Francisco. The interface, which has been 
rewritten in WPF 4.0 r enables more advanced visualizations than 
previous editions of Visual Studio, said Jason Zander, general manager of 
Visual Studio at Microsoft. Developers will be able hyperlink to other 
resources and use XAML keywords (pictured above) for vector graphics. 



Quest first to release 
DSP for Visual Studio 

Oracle plug-in gives developers more freedom 



BY DAVID WORTHINGTON 

Visual Studio Team System devel- 
opers will soon have the ability to 
work with non- Microsoft databas- 
es without limitations for the first 
time when Quest Software releas- 
es its Oracle Database Schema 
Provider (DSP) for VSTS 2010. 

Quest, which made the 
announcement at last months 
VSLive conference, hopes to have 
a beta of its DSP available later this 



year, according to Daniel Nor- 
wood, product manager of data- 
base development tools at Quest. 
Developers may sign up to be noti- 
fied upon its release. The price has 
not yet been determined. 

Using the Oracle DSP, devel- 
opers can perform offline design, 
development and change manage- 
ment in VSTS. Previously, Oracle 
development in VSTS was limited 
(it lacked offline database design 



and development) and involved 
time-consuming manual processes 
to accomplish, said Quest. 

"We know developers that 
use Visual Studio Team System 
work across multiple databases 
and environments," said Norman 
Guadagno, director of marketing 
for VSTS. 

DSP is part of a larger theme of 

Visual Studio being "appropriate 

continued on page 19 ► 



Microsoft meeting threats head-on 

Security Development Lifecycle revisions drafted 



BY DAVID WORTHINGTON 

Microsoft spent years shaping the 
requirements, tooling and cultural 
changes that have become indis- 
pensable parts of its Security 
Development Lifecycle. Today, 
the SDL is being revised to 
address emerging security threats, 
as well as new computing styles 
and paradigms that are changing 
the process of how Microsoft cre- 
ates its software, said Steven Lip- 
ner, Microsoft's senior director of 
security engineering strategy. 

The SDL is a mandatory 
process used internally at Micro- 
soft during the development of 
its products, and Microsoft began 
to share its SDL expertise and 
tooling with customers last year. 

A team of security scientists 
at Microsoft is dedicated to 
researching new classes of vul- 
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By using the SDL internally, 
Microsoft has cut the vulnerabilities 
in its operating system. 

nerabilities and emerging tech- 
nologies, said Lipner. The team 
develops and updates tools in 
response to threats; the tools are 
eventually incorporated into the 
SDL after they reach maturity. 



The company also consults with 
external researchers during the 
security review process. 

"As we learn about vulnerabili- 
ty types, we address them with the 
compiler," said Michael Howard, 
principal security program manag- 
er of the SDL Team. "The Visual 
C++ compiler offers a lot of 
defenses for free. 

"I spend hours each day read- 
ing security research, draft docu- 
ments on security protocols, and 
about the security implications of 
some technologies to stay on top 
of what happens in this industry." 

While that research often 
results in Microsoft adapting its 
technologies and SDL require- 
ments to address vulnerabilities, 
the company is acutely aware that 
additional requirements can hold 
continued on page 20 ► 



Governance < 
in the cloud \ 
less than hazy 



BY DAVID WORTHINGTON 

The concept of "governance" 
means different things to differ- 
ent people — and in fact, even the 
word itself is open to debate. 
However, no matter how you 
slice it, the consensus is that gov- 
ernance will play a crucial role in 
the ascension of cloud comput- 
ing, and that cloud computing 
can complement governance 
existing processes. 

Cloud services are standard- 
ized offerings that are delivered 
through a common service cata- 
logue. The services are rapidly 
provisioned and delivered out of a 
highly elastic and scalable infra- 
structure with a pay-as-you-go 



model, said Ric Telford, vice pres- 
ident of cloud services at IBM. 

Just as with traditional back 
office applications, compliance is 
key. "Anything that an organiza- 
tion could engage in that would 
need to be monitored by senior 
management at least on an occa- 
sional basis to make sure that the 
company is behaving properly in 
the modern world" should be 
governed, said Denis Pombriant, 
managing principal analyst of 
Beagle Research Group. 

In cloud computing, providers 

should be transparent about the 

services that they offer, with 

clearly stated service-level agree- 

continued on page 22 ► 
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...which can display 2D & 3D charts 
with presentation quality, without sacri- 
ficing speed. 

Our state-of-the-art rendering engine will surpass 
any other, when it comes to speed and looks com- 
bined. Tweak lights, materials, 2D image filters, 3D 
jittering and more, to achieve the best look for your 
charts! 
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...which contains a complete set of 
charting and gauge types, designed to 
meet even the most compelling data 
visualization tasks. 

With so many different charts and gauges at your 
fingertips, you will never find yourself at a stale- 
mate. If there is any chart or gauge you need - 
we've got it. 
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...which has a well designed and pol- 
ished object model, allowing you to 
extend and customize it. 

Scalability is what you need. We guarantee it! Just 
as we guarantee, that our API is as versatile as 
they come. 





...which contains an unmatched set of 
examples, with source code, that will 
help you get started quickly in both 
ASP.NET and Windows Forms. 

Sometimes it's beginner's luck, sometimes it's 
having the best help around. Scroll through our 
examples, check out the source code, and you're 
already halfway done! 
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www.sdtimes.com 



Software Development Times . March 15, 2009 



NEWS 



Adobe, Microsoft wage verbal battle over RIAs 

Execs clash over platform adoption as both claim widespread installation 



BY JEFF FEINMAN 

It all started with an answer to a 
question at a telecommunica- 
tions conference, which sparked 
a verbal feud over two of the 
more notable rich Internet 
application (RIA) platforms on 
the market. 

When asked his thoughts on 
Microsoft Silverlight at Thomas 
Weisel Partners Technology & 
Telecom Conference 2009 in 
mid-February, Mark Garrett, 
Adobes executive vice presi- 
dent and CFO, said that Sil- 
verlight launched strong, but its 
adoption "has really fizzled out 
in the last six to nine months, 
I'd say We're innovating ahead 
of them, and they have not 
been able to catch up." 

Those remarks got under the 
skin of Tim Sneath, Microsoft's 
director of client platform evan- 
gelism. "We're very pleased 
with how Silverlight is doing," 
Sneath told SD Times. "Even in 
this troubled economy, my team 
is working overtime to respond 
to requests from top Web 2.0 
sites across the world who are 
adopting Silverlight." 

Sneath said that Garrett's 
comments make it seem as if 
he's "living in a fantasy world." 
He pointed out that Silverlight 
offers near infinite-scale image 
interoperability with Deep- 
Zoom, rich XML-based UI lay- 
out and markup, and seamless 
interaction with HTML. 
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CBS uses Silverlight (left) to broadcast sports, like March Madness, online, while the Discovery Channel uses Flex (right) to run its Earth Live website. 



Microsoft has even been using 
Silverlight for its own technolo- 
gy needs by demonstrating how 
a new version of Office will use 
Silverlight in browser-based 
companion applications. 

"In terms of Silverlight's 
momentum, there's no question 
that we're on course. Silverlight 
2 has only been out for five 
months and yet is now installed 
on more Internet-connected 
PCs than Firefox and Google 
Chrome combined," said 
Sneath, who initially reacted to 
Garrett's comments on his blog. 

Garrett declined further 
comment about his remarks at 
the conference, which were 
first reported by Retanews. 

Matt Rozen, a spokesman for 
Adobe, said Garrett's comment 



was made for the financial com- 
munity at a special event and was 
a quick answer to a question 
from an audience member. 
However, Sneath wasn't con- 
vinced that the jab was a simple 
slip of the tongue, saying it is in 
Adobe's interest to create the 
perception that Adobe's Flex 
RIA platform is in demand while 
interest in Silverlight is waning. 

Developers using both plat- 
forms said that there could be 
big competition in the future 
between the them. Rockford 
Lhotka, principal technology 
evangelist for IT consulting firm 
Magenic, created a Silverlight 
version of C SLA .NET, an open- 
source .NET development 
framework for simplifying the 
production of Windows Forms, 



Web Forms, Windows Presenta- 
tion Foundation and Web Ser- 
vices. Lhotka admitted that he is 
biased toward Silverlight, but he 
said he can't see how one could 
say that it's fizzling. 

"From my perspective, the 
technology is only a few months 
old and it seems to be spreading 
fairly rapidly, especially given the 
economy and how conservative 
businesses are at the moment," 
he said. "At the same time, while 
I'm hopeful that Silverlight 
becomes a dominant force, noth- 
ing is ever a given. Look at [Beta- 
max]/VHS or BluRay/HD-DVD 
and countless other examples 
where technologies become 
dominant that may or may not be 
the best technology." 

R.J. Owen, a senior develop- 



Novell looks to thwart SCO reorg plan 



BY JEFF FEINMAN 

In the ongoing court battle 
between the two companies, 
Novell has filed an objection to 
the SCO Group's Chapter 11 
bankruptcy reorganization plan 
that would involve a public auc- 
tion of SCO's assets. 

The objection was filed last 
month at the deadline for com- 
panies to submit objections to 
SCO's disclosure statement. 
Novell did not provide further 
information on the objection 
because the attorney working 
on the case was unavailable for 
comment. A Novell spokesman 
confirmed that the objection is 
rooted in what the company 
considers an inadequacy of 
SCO's disclosure statement. 

Ryan Tibbetts, vice presi- 
dent and general counsel of 



SCO, said he wasn't surprised 
that Novell filed an objection. 
"Novell has made no secret that 
their plan is to try and block us 
every step of the way," he said. 

IBM and Red Hat, the two 
other main software companies 
that defeated SCO in Unix 
copyright lawsuits, did not say if 
they filed objections or not. 

It is not yet known what the 
effect the objection will have on 
the approval or rejection of the 
plan, but Robert L. Eisenbach, a 
partner with the Cooley God- 
ward Kronish Bankruptcy and 
Restructuring law firm, said that 
an objection may not even be 
considered in the early stages of 
a bankruptcy hearing. 

"The urgency of reorganiz- 
ing a debtor's business or liqui- 
dating its assets means that the 



claims objection process is typi- 
cally left until near the end of 
the bankruptcy case, often after 
a plan of reorganization has 
been confirmed in a Chapter 11 
case," Eisenbach said. "Often, 
months or even years may go by 
before you hear anything fur- 
ther about your claim from the 
debtor, bankruptcy trustee or 
any other party." 

The history between Novell 
and SCO stretches back to 1995, 
when the companies agreed to 
an asset purchase agreement, 
which transferred rights to cer- 
tain Unix products from Novell 
to SCO. In 2004, SCO filed a 
lawsuit against Novell in an 
attempt to acquire all copyrights 
that Novell registered, but the 
courts sided with Novell and 
denied SCO's motion. Since 



then, the companies have had a 
number of courtroom battles, 
but in November 2008, a feder- 
al court judge issued a final 
judgment in the case, declaring 
that Novell had retained the 
copyright to Unix after the 1995 
agreement and thus was the 
owner of Unix. 

In early January, SCO filed a 
Chapter 11 reorganization plan 
with U.S. Bankruptcy Court in 
Delaware. The plan called for a 
public auction of its OpenServ- 
er Unix product line and its 
mobile business division. The 
UnixWare business, along with 
the debt owed to Novell, would 
remain with SCO. 

Tibbetts said he expects a 
Bankruptcy Court decision on 
the plan to come in two or three 
months. I 



er with user interface designer 
EffectiveUI, has worked pri- 
marily with Adobe Flex. He said 
that Silverlight is poised to be a 
huge competitor in the RIA 
space and offers features that 
Adobe's platform doesn't, such 
as multi-threading. However, 
Adobe's commitment to open- 
source technology and its longer 
presence in the RIA market 
presently give it the edge. 

"The general feel I have for 
the situation is that while 
Adobe's platform is currently 
both more mature and easier to 
use, Microsoft is catching up 
extremely fast and will be very 
competitive very soon," Owen 
said. "Adobe's tools ... provide a 
better designer-developer work- 
flow, but a lot of that is due to 
the fact that we're all very used 
to the way things are done with 
Adobe. Microsoft also hasn't 
pushed the Silverlight player out 
hard to everyone's machine." 

According to Microsoft, Sil- 
verlight 2 has been installed on 
more than 100 million con- 
sumer PCs since it was 
launched in October 2008. Sil- 
verlight 1 was used for the 2008 
Summer Olympics, streaming 
2,200 hours of live coverage and 
more than 70 million videos 
from NBC's Olympic website. 

Adobe, meanwhile, said at its 
Adobe MAX Japan conference 
in January that Adobe AIR also 
had 100 million installations in 
less than one year after its initial 
release. Flash Player 10 was 
installed on more than 55% of 
computers worldwide in the first 
two months of its release, and it 
is expected to surpass 80% by 
the second quarter of 2009, the 
company claimed. I 
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NEWS BRIEF 



, COMPANIES , 



Adobe Systems and Nokia will set up a US$10 million fund to finance 
developers creating applications based on Adobe's Flash platform for 
PCs, smart phones and other devices. The fund is in conjunction with 
Adobe's Open Screen Project, a community development project 
aimed at using AIR and Flash to create a consistent application inter- 
face across all devices. Other partners in the project include Cisco, 
Intel, Motorola, Samsung and Verizon Wireless . . . The European 
Union has created the INTERESTED (INTERoperable Embedded Sys- 
tems Tool chain for Enhanced rapid Design) project, which is aimed at 
complex embedded systems and software development. One of the 
main goals of the INTERESTED project is to create a Europe-wide, inte- 
grated reference tool chain covering the "full spectrum" of embedded 
systems and software development, according to the EU. Embedded 
companies that are currently members of INTERESTED include United 
Kingdom-based Artisan Software Tools, France-based Esterel Tech- 
nologies, Italy-based Evidence, Austria-based TTTech Comput- 
ertechnik and Czech Republic-based Unis. 



NEW PRODUCTS 



National Instruments has created the LabVIEW Unit Test Frame- 
work and LabVIEW Desktop Execution Trace toolkits, new engi- 
neering software for the LabVIEW graphical development environ- 
ment. The LabVIEW Unit Test Framework lets engineers automate 
reguirements-based testing, according to the company. A reporting 
feature can automatically generate validation documents in HTML 
and XML . . . Embedded systems infrastructure software developer 
QNX Software Systems has created a new platform for automotive 
systems development. QNX CAR has a connected application plat- 
form for Bluetooth, sample applications, reference implementations, 
and a mechanism for delivering software updates and new features 
to vehicles. 



, UPDATES , 



ILOG has released Elixir 2.0, a visual component toolkit for Adobe's 
Flex 3.0 platform that tries to help developers create faster custom 
displays. There are new calendar displays, including interactive edit- 
ing features, for creating custom shared schedules, as well as for 
building project management displays with Gantt charts for illustrat- 
ing project schedules . . . Compiler and debugger provider Absoft 
released the Fx3 stand-alone debugger, what the company said is a 
more-advanced debugging option for Fortran developers. Fx3 was 
previously only available with Absoft's Pro Fortran compiler and 
debugger suite, and it is compatible with both 32- and 64-bit exe- 
cutables on Macintosh and Intel-based systems . . . Reporting and 
operational business intelligence company Jinfonet Software has 
made available JReport 9 Service Pack 1, bringing improved scala- 
bility and response time for on-demand report generation and report 
delivery, the company said. A new Map Editor helps users design 
maps with rich properties, such as formatting and conditional for- 
matting of map objects . . . XML technology specialist Syncro Soft 
has released a new version of Oxygen XML Editor, bringing a new XML 
Schema diagram for XML editing as well as a new XML Schema doc- 
umentation engine that can use multiple output formats. Oxygen 
XML Editor 10.1 also has what the company called a simplified visu- 
al editing page, as the diagram was redesigned to be easier to under- 
stand . . . Hewlett-Packard has added the ability to validate applica- 
tion performance against business requirements during the testing 
cycle in a new version of its HP Performance Center performance and 
load testing software. Performance Center 9.5 offers features for 
sharing tests and trending capabilities. With trending, users can see 
changes in performance between iterations, company executives said 
. . . Innovations Software Technology released Visual Rules Enter- 
prise Platform 4.4, an update to its business rules management 
platform. A new execution server feature transforms business rules 
into Web services, like SOAP and WSDL, according to the company. 
There is also a new audit log that lets developers trace in detail the 
version history of a rule project. I 




Zend poised to push 
PHP into the cloud 

Company cofounder Gutmans relishes 
challenge of growing Zend 



BY JEFF FEINMAN 

Andi Gutmans' appointment to 
the head position of Zend Tech- 
nologies in early February did 
not come as a surprise to many 
For starters, Gutmans was a 
company cofounder and helped 
build the enterprise PHP tool- 
maker, focusing on expanding 
the PHP community and matur- 
ing the market. He has also got- 
ten his feet wet as the main com- 
pany spokesman and driving 
force behind company strategy. 
He spoke with SD Times about 
how he will work to keep PHP a 
legitimate scripting language 
and how he will try to drive 
Zend forward in his new post. 

SD Times: What was your reac- 
tion to becoming CEO? 

Andi Gutmans: There wasn't 
really an immediate reaction 
from me because I've been dri- 
ving the strategy of the company 
for the past few years. Part of 
that strategy was to make sure 
that we leverage the whole PHP 
community and mature the mar- 
ket around PHP. We kind of got 
to this point now where we're 
rolling out the next phase of this 
strategy, which is Zend Server, 
which we just launched into 
public beta. So the board really 
felt that I was the right person to 
take that strategy that I've been 
leading and make sure we exe- 
cute it all the way. I would say it 
was less of a shock and more of 
just a natural progression. 
With Zend Server, is the compa- 
ny moving in a new direction? 
When I started the company 
with Zeev Suraski, we were try- 
ing to make sure that we deliv- 
ered production solutions for 
business-critical applications: 
performance, monitoring, any- 
thing you need to run a reliable 
application. The DNA of the 
company is definitely produc- 
tion and performance of PHP. 
We deal with some of the 
largest websites out there, so 
the Zend Server rollout is 
extremely important for the 
company because it takes that 
next step into production. Zend 
Server is, I would say, where 
the DNA of the company meets 



the footprint that we got from 
our Zend Framework applica- 
tion framework, and we really 
want to leverage that to grow 
our server footprint. 
What is the company's road map, 
and how will Zend Server and oth- 
er products help carry that out? 
We will continue to build on the 
cohesiveness of our solution by 
more deeply integrating Zend 
Studio for Eclipse (our Eclipse- 
based IDE), Zend Framework 
and Zend Server, all into one 
seamless experience. Our Zend 
Server goal is to tie together the 
production side with rest of the 
development life cycle and 
ensure that applications built 
on Zend run securely, run reli- 
ably and scale well. 

Delivering consistency 

between development and pro- 
duction has been a challenge 
for many users, and by enabling 
them to use Zend Server across 
platforms and workstations with 
deeper tooling integration, our 
customers will enjoy significant 
productivity and quality gains. 
We are also supporting ISV 
communities with this end-to- 
end solution and anticipate that 
they will be standardizing their 
customers' production environ- 
ments on Zend Server. 
Since you come from the techni- 
cal side of the industry, how do 
you plan to balance that with the 
marketing side of being a CEO? 
I came to America about four 
years ago, and for most of the 
past few years I've been deeply 
involved in the marketing side. 
I've been the main company 
spokesperson, and I focused on 
building the ecosystem. I think 
that gives me a lot of strength 
because I really understand the 
market and our customers' 
needs. I think that the most suc- 
cessful technology companies 
have had leaders that understand 
the product and the market and 
have been able to figure out how 
that translates into revenue. 
What steps does Zend take to 
uphold the integrity of PHP's 
code and make sure it's reliable? 
We continue to contribute to 
PHP. What I focused on in my 
previous role as CTO was not 



just PHP itself, but also what 
the ecosystem looks like and 
how we mature it. 

In the past five years, we 
started Zend Framework and 
had huge success with Eclipse 
unit testing, everything you 
would get from the Java commu- 
nity or other communities. 
Today, we're seeing a shift inside 
of companies to embrace PHP. 
Given the market conditions, the 
difference in productivity 
between PHP and Java is push- 
ing them to almost require PHP 
for all their new Web projects. 

I used to be a Java developer, 
so I've felt the pain and have the 
scar tissue. For the next-genera- 
tion Web, PHP is just more pro- 
ductive, and it's really the best 
solution. There's a reason why 
we have about 35^0% market 
footprint, and anyone that has 
that amount of market footprint 
is always going to get attacked. 
Can you elaborate on the "scar 
tissue"? 

I was doing WebSphere devel- 
opment, and it took us about six 
months to get a new developer 
up to speed. This was a very big 
project. And it was just unbeliev- 
ably complex, with very slow 
development times. With PHP, 
the pace is faster, developers are 
cheaper, and overall time-to- 
market and costs are significant- 
ly lower. And it scales, so you can 
build very high-quality applica- 
tions with best practices, like 
Zend Framework, and compa- 
nies like Facebook and Yahoo 
that scale more than almost any 
other company are built on PHP. 
I like to pride myself by saying 
PHP is as productive as ASP, but 
it scales like Java. 
With the big shift to Web applica- 
tions, cloud computing and soft- 
ware-as-a-service r do you think 
that PHP is beneficial for that? 
Absolutely. Those are all acceler- 
ators behind us: cloud comput- 
ing, open source, dynamic lan- 
guages. All enterprises are 
looking to move their applica- 
tions into the browser. Compa- 
nies don't have time and money, 
so they're definitely looking at 
the most productive solutions 
that they know they can scale. I 
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Borland builds software code checker for release time 



BY JEFF FEINMAN 

In the latest piece of its soft- 
ware delivery management 
suite, Borland Software tries to 
create a way to ensure that soft- 
ware code is ready for takeoff. 

Teamlnspector, released in 
February, has automated 
reporting capabilities that gath- 
er metrics from developer test 
utilities, static code analysis and 
build tools, according to Bor- 
land. It is the fourth product in 
Borland's Management Solu- 
tions software delivery manage- 
ment platform, introduced in 
July 2008. 

In describing the other 
aspects of Management Solu- 
tions, David Wilby, vice presi- 
dent of product strategy at 
Borland, said that its TeamDe- 
mand software uses business 
alignment, which makes sure 
that requirements are in line 
with the needs of a business. 
TeamFocus gives developers 
methodology- agnostic project 
management, while TeamAna- 
lytics offers what Wilby called 
a data warehouse for applica- 
tion development, with the 
ability to pull data from multi- 
ple sources for business intelli- 
gence reporting. 

Teamlnspector adds "re- 
lease readiness" to Manage- 
ment Solutions, aiming to min- 
imize risk by continuously 
monitoring the code of soft- 
ware systems. "Teamlnspector 
is part of what we term the 
Verify' phase," Wilby said. "It 
allows you to not only automate 
the build functionality within 
your organization, but it's also 
going to verify that the code is 
Tit for purpose.' Fit for pur- 
pose, in this case, means that 
it's built to spec and that it has 
unit test coverage." 

There are three key features 
that make up Teamlnspector. 
Inspector Infrastructure auto- 
mates the build process, Wilby 
said. "The build process acts as 
a trigger. That trigger then uses 
industry standard testing and 
checking procedures to look at 
the quality of the code as it's 
being built," he said. 

As part of Inspector Infra- 
structure, there are automated 
"inspectors" for gathering met- 
rics about a piece of software's 
code. Inspectors are available 
for build tools, including 
Apache Ant and Sourceforge's 
NAnt, and are also available 
with testing and coding stan- 



dard compliance tools like 
Checkstyle, JUnit and NUnit. 

The second main feature of 
Teamlnspector is the use of 
portfolio dashboards that dis- 
play information from multi- 



ple projects, allowing develop- 
ers to see dependencies 
between individual sets of data 
in order to identify potential 
problems. 

Finally, Teamlnspector in- 



tegrates with software configu- 
ration management products, 
including Borland's own Star- 
Team product, Perforce's 
product, and CollabNet's Sub- 



"It's all about the confidence 
that you have in the code and 
driving down the amount of 
rework that you have to do as 
you're delivering code out to 
the field," Wilby said. I 
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Mozilla puts Bespin IDE in cloud 



BY ALEX HANDY 

When Mozilla hired the two 
men behind Ajaxian last year, 
the plan was to base an entire 
developer tools lab around the 
pair. When SD Times last spoke 
to Dion Almaer and Ben Gal- 



braith late last year, they only 
had an inkling of ideas. But in 
late February, the fruits of their 
labor were realized as Bespin. 

Named after the planet on 
which Lando Calrissian's Cloud 
City is based in the Star Wars 



universe, Bespin is a Web- 
based IDE focused on a future 
of cloud computing. 

While Web-based IDEs are 
nothing new, Almaer said that 
this is the first such offering to 
be written in the languages that 



it supports. That means devel- 
opers can modify and extend 
this fledgling open-source pro- 
ject with the same AJAX- 
focused techniques and code 
that the IDE is built to edit. 
"We wanted to build a tool 
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that open Web developers could 
feel is their own," said Almaer. 
"On the technology side, 
[Bespin is] written in the same 
technology as it uses. [Develop- 
ers] can customize the tool using 
the same tech they use to get 
their job done. We find that 
that's often not the case [with 
IDEs]. We wanted to make this 
a really open environment. This 
is one of the reasons we put out 
this release so early, to see what 
the community wants to do with 
it and how we should tweak it." 

Developers have already 
begun to push Bespin into new 
areas. One open-source devel- 
oper has already tied Bespin to 
a headless Eclipse server. This 
IDE mashup provided Bespin 
as the editor, while the Eclipse 
engine crunched and examined 
the code dynamically on the 
back end. 

"This is a feature we really 
want to explore. If you have this 
editor in the cloud, what could 
the cloud be doing? Right now, 
we're kind of limited in what the 
desktop can do. But in the cloud 
you can go and analyze the code 
for the entire project and send 
that info down to the user." 

Right from the start, said 
Galbraith, Bespin was built to 
be responsive. "The first thing 
we focused on was perfor- 
mance," he said. 

"We created a new editor 
from scratch using a new feature 
in HTML 5: the canvas tag. We 
rolled from scratch all the things 
that make up an editor. We 
found [that] by doing that, we 
were able to get pretty impres- 
sive performance. We haven't 
really found an upward bound 
for performance. We tried files 
upwards of 150,000 lines." 

Jeffrey Hammond, senior 
analyst at Forrester Research, 
said that Web-based IDEs have 
not historically earned much 
respect. "In general, Web-based 
IDEs haven't gone anywhere in 
the last five to 10 years. That 
doesn't mean I'm down on 
them," he said. 

"The reason for that is the 
nature of what the IDE is for. 
I'm thinking that an IDE that's 
for Web development has a 
much better chance of succeed- 
ing. The one claim I would 
point to is Firebug. Everybody 
I talk to in JavaScript is already 
debugging in the browser. That 
gets me thinking to situations 
where the code that's being 
developed is best rendered and 
activated in a browser. That's 
where I think you might see the 
browser-based IDE." I 
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Red Hat details JBoss 
middleware expansion 



BY DAVID WORTHINGTON 

In the year ahead, Red Hat will expand 
its JBoss platform to offer a full comple- 
ment of middleware in order to provide 
a reference architecture for service-ori- 
ented architecture. 

"The JBoss Application Server is our 
core foundational technology, but we 
believe that it is more than an application 
platform," said Red Hat's vice president of 
middleware Craig Muzilla. The compa- 
ny's goal is to round out its line of middle- 
ware products so that that a developer can 
use it to compose services, he added. 

"The [middleware] components inte- 
grate together so that developers will 
know that they are using the same tech- 
nology for their use cases and situations," 
said Muzilla. Those components include a 
business rules engine, the JBoss Enter- 
prise Portal Platform, the JBoss SOA Plat- 
form, the MetaMatrix Enterprise Data 
Services Platform, and the JBoss Devel- 
oper Studio tooling environment. 

"We are starting to round out our 
portfolio," said Muzilla, noting that 
there are currently 44 projects on 
JBoss.org, comprising incubations, prod- 
ucts and parts of products. 



In the coming year, customers will 
see the release of JBoss Application 
Server 5, Muzilla said. While its source 
is already available in the community, 
Red Hat does not yet offer supported 
profiles or modularly designed versions. 

Application Server 5 was architected 
for "an attribute-driven world" where 
interoperability among components is 
important, Muzilla said. The server was 
created with a microcontainer that can 
take on different shapes and forms, he 
explained. It supports other microcon- 
tainers, including Java Management 
Extensions, Open Services Gateway ini- 
tiative, and Plain Old Java Objects. 

Red Hat has also endeavored to make 
JBoss more modular, with the option for 
developers to deliver more configura- 
tions. What's more, it will support a range 
of APIs and frameworks, including AJAX, 
Adobe Flex, Hibernate, REST, Seam, 
Spring, Struts and Google Web Toolkit. 

Over the next 12 months, Red Hat 
will deliver advancements to its SOA 
platform and Enterprise Service Bus; a 
full-fledged Business Rules Manage- 
ment System; and an expansion to its 
Java portal engine, Muzilla said. I 



Active Endpoints lets users 
'rewind' business processes 



BY DAVID WORTHINGTON 

Active Endpoints, a business process 
management and automation software 
maker, has released an update that 
enables business users to rewind 
processes and adjust work when the 
information in a system does not match 
what is expected. 

ActiveVOS 6.1, slated for release this 
month, introduces a process rewind fea- 
ture designed to make BPM less rigid. 
"People can be afraid of BPM, thinking 
that it puts shackles on how the business is 
run; this new system fixes a pain point," 
said Michael Rowley, director of strategy 
and technology at Active Endpoints. 

When a business user or operations 
staff rewinds a process, data is restored 
to where it was at an earlier point in 
time, he explained. "If a guy did a bad 
quote estimate, you can start again using 
the same data as it had last time." 

ActiveVOS logs all activity during the 
rollback process and does not change 
back-end data. 

The update also simplifies Business 
Process Execution Language (BPEL) 
programming by automating bidirec- 
tional process creation and letting devel- 
opers work on processes without requir- 



ing them to fill in all of the details in 
order, the company says. 

ActiveVOS 6.1 automatically gener- 
ates a WSDL (Web Services Description 
Language) Web service for processes 
that have multiple participants by exam- 
ining context. "BPEL can be difficult for 
new developers to pick up," said Rowley. 

"Processes can be bidirectional with 
partner link requirements that confused 
people. In 6.1, you don't have to know 
this, but [you can] still get it absolutely 
right." 

ActiveVOS maintains 100% fidelity 
with BPEL, and developers still have 
the option of coding partner link them- 
selves, he added. 

"Any order development" allows 
developers to start work at the middle or 
end of a process, filling in the details lat- 
er, said Rowley. "Previously, other tools, 
including ours, required developers to 
fill in details in a defined order." 

Lastly, Active Endpoints simplified 
the BPEL process designer's view in 
ActiveVOS for business analysts by 
removing activities that make a process 
more difficult to follow. "[The designer's 
view] is standard BPEL nonetheless," 
said Rowley. I 
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ActiveBatch 7 puts Web services into workflows 



BY DAVID WORTHINGTON 

Advanced Systems Concepts, 
maker of ActiveBatch, software 
for job scheduling and work- 
load automation, has delivered 
a new version of ActiveBatch 



that can consume externally 
developed Web services as 
parts of workflows. 

ActiveBatch 7 became gen- 
erally available in February It 
includes a library of Web Ser- 



vices Description Language 
(WSDL) artifacts for Web ser- 
vices. It also includes an 
updated library of application 
profiles. 

ActiveBatch enables devel- 



opers to build workflows across 
applications by using templates. 
"Nearly every application, data- 
base and platform has some type 
of job scheduling," said Jim 
Manias, vice president of mar- 



Why is Amyuni PD. 
so interesting? 



V ' 



Proven 

Choose a PDF technology that is 
integrated into thousands of 
applications behind millions of 
desktops worldwide. 



Expertise 

Produce accurate and stable PDF 
documents using reliable tools 
built by experts with over ten years 
of experience. 



High-Performance 

Develop with the fastest PDF 
conversion on the market, designed 
to perform in multithreaded and 
64-bit Windows environments. 



OEM Licenses 

License and distribute products 
quickly and easily with a PDF 
technology that does not rely on 
external open-source libraries. 



Rapid Integration 

Integrate PDF conversion, creation 
and editing into your .NET and 
ActiveX applications with just a few 
lines of code. 



Customization 

Let our experienced consultants 
help you turn your software 
requirements into customized 
PDF solutions. 



jM 


4H¥Uh1-t 




I i * 






1 — *-"■ H 






SS5 1 1 H 


PDF Suite 


^^^^ 


U 


Qrrekipa Pf* 




* 1 


§ 


!'. 



We understand the challenges that come with PDF integration. 
From research and development, through design and 
implementation, we work with you every step of the way. 

Get 30 days of FREE technical support with your trial download! 



www.amyum.com 



USA and Canada 

Toll Free: 1 866 926 9864 

Support: (514) 868 9227 

Info: sales@amyuni.com 



Europe 

Sales: (+33) 1 30 61 07 97 

Support: (+33) 1 30 61 07 98 

Customizations: management@amyuni.com 



AMYUNI 



Technologies 



keting and sales at Advanced 
Systems Concepts. "The prob- 
lem is that they are somewhat 
autistic, focused inward and not 
outward toward integration." 

Version 7 expands workflow 
capabilities by incorporating Web 
services. A services library of 
internally and externally created 
WSDLs can be used as part of job 
steps, explained Manias. 

"A developer could load a 
WSDL provided by Salesforce 
to expose the methods that the 
WSDL provides to be embed- 
ded into something else, [then] 
use that information to pass 
from one job step to other job 
steps as a variable," said Manias. 

WSDL support also elimi- 
nates the need for adaptors and 
scripts to integrate applications, 
he added. 

"If this integration with 
applications and other infra- 
structure is standards-based 
using technologies such as SOA 
or Web services, then it will 
minimize [difficulty] and time 
of deployment. It will also 
improve the ability of a job 
scheduler to manage a continu- 
ally changing environment," 
said Milind Govekar, research 
vice president at Gartner. 

ActiveBatch's ability to inte- 
grate enterprise applications 
has also been expanded, with 
updates to templates for a wide 
range of applications. 

A drag-and-drop designer 
is now available to integrate 
applications with ActiveBatch 
Services. 

Manias explained that a 
developer could use the design- 
er to "drag" an SQL Server 
Integration Services package 
process into a workspace, select 
what they are looking for, and 
use variables to trigger the 
package to pass information 
from one workflow to the next. 

A power management facili- 
ty has been added as a job step 
to wake servers when they are 
needed, reducing data center 
power consumption. 

Additionally, ActiveBatch's 
event architecture has been 
broadened beyond date and 
time parameters to accept a 
range of file content and file 
management triggers, service 
monitoring triggers, and trig- 
gers based on e-mail (keyword 
triggered), message queues and 
Web services. There are now 
over 15,000 events to trigger 
workflows, Manias noted. I 
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ComponentOne previews data library, Web Parts 



BY DAVID WORTHINGTON 

ComponentOne, a developer of 
.NET controls, released in Feb- 
ruary a preview version of a 
LINQ (Language Integrated 
Query) class library called 
LiveLinq, which the company 
says will optimize queries and 
keep data up-to-date without 
having to refresh the data source. 

The company has also deliv- 
ered several SharePoint Web 
Parts that are based on Sil- 
verlight 2. 

LiveLinq uses indexing and 
other tweaks to speed up LINQ 
queries in memory, said Chris 
Meredith, ComponentOne's 
product manager of develop- 
ment tools. It also keeps query 
results current with back-end 
data changes. 

Perst 4.0 fixes 
persistence 

BY ALEX HANDY 

Since its creation, there has been 
one trouble spot for McObject's 
Perst embeddable database: per- 
sisting foreign objects. In Janu- 
ary, McObject released Perst 4.0, 
which fixes this issue and extends 
persistence to all objects, regard- 
less of where they came from. 

"The major improvement in 
it is the ability to store foreign 
objects," said Steve Graves, 
president of McObject. "We 
eliminated that hurdle, and 
we're now able to store any type 
of object, whether it's of the 
application creator's creation, or 
[it's] inherited." 

Perst is open source and 
available under a dual license, 
said Graves, adding that for the 
commercial license, annual tech- 
nical support costs US$2,000 per 
developer. 

Graves said that persisting 
any object was a tough challenge 
for the Perst team. "There are 
other products that [persist for- 
eign objects], but they ... either 
have a customized JVM that has 
some special capability that 
allows that to happen, or they 
inject bytecode into the pre- 
processed Java code," said 
Graves. Perst, he said, uses nei- 
ther of these methods. 

Instead, said Graves, the 
Perst team found a way to persist 
all objects inside the database 
code itself. That means that 
Perst doesn't have any external 
requirements, nor is it tied to a 
specific virtual machine. I 



Developers use the same 
LINQ syntax as they always 
have, but they will realize perfor- 
mance benefits and receive "live 
views" of data when they encase 
LINQ inside of the LiveLinq 
method, explained Meredith. 



The LiveLinq class library is 
available for the LINQ to 
DataSet, LINQ to Objects, and 
LINQ to XML LINQ 
providers. The company will 
extend the library to the LINQ 
to SQL provider in a future 



release, Meredith said. 

SHAPING UP TO SHAREPOINT 

Also in February, Component- 
One made available community 
technology previews of three 
Web Parts: a chart, grid and 



map. They install in Microsoft 
Office SharePoint Server 2007 
and Windows SharePoint Ser- 
vices 3.0, without requiring 
special coding, said Dan Beall, 
product manager for Compo- 
nentOne's Web Parts. I 
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Conformiq automates test generation 



BY ALEX HANDY 

Why write tests when you can 
have them written for you? Con- 
formiq, a formerly Finland- 
based automated test design 
company, is expanding its reach 
into the United States, where it 
hopes to sell its model-based 
automated test design tool. The 
company has been selling that 
tool, Qtronic, in Europe since 
2007. The move of their head- 
quarters from Finland to Sarato- 
ga, Calif., also comes with a new 
focus on Eclipse. 

A.K. Kalekos, president and 
CEO of Conformiq, said that his 
company's approach is different 
than traditional automated test 
design tools. "In a typical test 
process, people develop a test 
plan," he said. "The test plan 
enumerates all the different test 
cases that should be covered. 
They take the test plan and they 
start writing the test scripts. 

"We say [to] forget this man- 
ual approach. Figure out what 
you need to do to verify the 
product you've built behaves 
according to the specification, 
and also do the negative testing 



so that if the environ- 
ment around it cannot 
behave to the specifica- 
tion, then the software 
can deal with it. 

"The approach we've 
been advocating [is] 
instead of focusing on 
defining the tests, you 
look at the specification 
and you create a func- 
tional model of the 
test. This is specifically 
designed for test gener- 
ation." 

The functional model 
approach saves time and 
money, said Kalekos, he 
admitted that it does 
take a bit of getting used 
to. One of the first things users 
may want to do is simply trans- 
form their existing UML model 
into the test model. But Kalekos 
said that Qtronic works more 
effectively with a fresh model, 
and he added that testing against 
existing models can bring with it 
existing model errors. 

To be effective, users should 
build a fresh model of their 
application, but one that is 




Qtronic generates and manages tests from a Java and UML model generated by users. 



slimmed down and more 
focused on functionality than a 
design model, said Kalekos. He 
said that testing from the origi- 
nal design model can subject 
the tests generated to the same 
errors that may already exist in 
the application. 

"You can create a high-level 
model for architectural explo- 
ration. You can take that and 
refine it into a model for imple- 



mentation. Or you could take 
this high-level architectural 
model and refine it or simplify 
it to define a model for test gen- 
eration," said Kalekos. 

"You cannot use the same 
specification to generate the 
code and the test. If you start 
with a high-level architectural 
model, you could, but you're 
better off creating a separate 
model." 



That's because Con- 
formiq handles function- 
al testing from a higher 
level than most unit tests 
or simple function tests 
do. Antti Huima, CTO 
of Conformiq, said that 
the Qtronic tests are 
designed to test an appli- 
cation's function flow 
from front to back. 

"We don't model the 
buttons themselves," 
said Huima. "The model 
explains the logic on a 
higher level. Basically, 
the models are like 
- abstract small imple- 
mentations of the sys- 
tems you are testing ... 
We test more high-level things, 
like 'Create a report.' " 

The newest version of 
Qtronic includes an Eclipse- 
based front end, which can be 
tied into Eclipse-based issue 
tracking software. Because the 
system is entirely model-based, 
Qtronic can test any application 
regardless of language, though 
models must be designed in 
Java and UML. I 
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With less code, Ariba says it can build richer apps 



BY JEFF FEINMAN 

It might have been 10 years in 
the making, but business man- 
agement software company Ari- 
ba has released an open-source 
Web application development 



framework that attempts to 
build richer applications with 
less code. 

AribaWeb, released today, 
was an internal user interface 
framework that the company 



has used since 1999. AribaWeb 
is now available under an 
Apache license. 

"Ariba has been a big bene- 
ficiary of open source through- 
out the history of the company," 



said Craig Federighi, Ariba's UI 
technology evangelist. "We use 
all sorts of different open- 
source infrastructure in our 
own commercial software, and 
we felt we had an opportunity 




to give back something very 
meaningful to the open-source 
community." 

AribaWeb is written in Java 
and can work with applications 
written in Groovy or Java. Fed- 
erighi compared AribaWeb to 
Web application frameworks like 
JSF (JavaServer Faces), Ruby on 
Rails and Apache Struts. He 
claimed that AribaWeb enables 
building richer applications with 
much less code than other 
frameworks, an ability that 
comes from automatic AJAX UI 
features and technology for 
instantly creating applications. 

AribaWeb's Auto AJAX 
enables the production of AJAX 
UIs without any client-side 
scripting, whereas most frame- 
works require developers to 
write JavaScript in order to 
have AJAX behavior, Federighi 
said. 

Instant App, another fea- 
ture of AribaWeb, is a model- 
driven UI capability that can 
take business objects and cre- 
ate interfaces around them, 
allowing developers to search 
and edit those objects. This 
feature eliminates the need for 
code to maintain UI screens 
within business applications. 
With a set of Groovy or Java 
domain classes, Instant App 
can apply rules to available 
metadata to create an applica- 
tion with no user interface 
code. 

Additionally, a feature called 
Live Edit lets developers use 
drag-and-drop capabilities to 
edit applications while they're 
running. 

"When we compare the 
amount of code required to 
build an app with this technolo- 
gy compared to something like 
Ruby on Rails, which is normal- 
ly considered a very productive 
environment, AribaWeb takes 
between 10 to 100 times less 
code," Federighi claimed. 

"If you look at why people 
started maybe thinking about 
using Rails instead of PHP, 
which was better known at the 
time, they chose it because it 
gave them higher productivity 
and they could build more of 
what they wanted and ultimate- 
ly end up with a better app." 

Ariba was founded in Sun- 
nyvale, Calif., in 1996, and pri- 
marily focuses on spend man- 
agement software, which helps 
companies understand their 
corporate spending. I 
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VSTS gains database liberty 



< continued from page 1 

and useful" to developers even 
in situations where they may not 
be using Microsoft's entire stack, 
said Forrester principal analyst 
Jeffrey Hammond. " 'Works 
best' shouldn't mean 'Works 
only with.' If you look at the 
server team embracing PHP or 
the Silverlight team embracing 
Eclipse, each step is to try to 
appeal to as many developers as 
possible to preserve their inter- 

Infragistics injects 
Silverlight into 
business intel apps 

BY DAVID WORTHINGTON 

Infragistics has delivered a suite 
of Silverlight 2 data visualiza- 
tion controls designed for busi- 
ness intelligence applications. 

Net Advantage for Silverlight 
Data Visualization 2009 Vol- 
ume 1 includes a chart, gauge, 
map, timeline and zoom bar. In 
comparison to static ASP.NET 
controls, Silverlight enables 
two-way interaction, said Tony 
Lombardo, Infragistics' lead 
technical evangelist. 

The suite is priced at 
US$1,090 for new licenses and 
$545 for renewals. Customers 
that purchased Net Advantage 
for .NET or NetAdvantage for 
Web Client will receive it free 
of cost. 

"Silverlight adds new capa- 
bilities. An end user can drag a 
needle on a gauge, and the 
map control has drill downs. 
There is a live reading of val- 
ues rather than a static image 
being refreshed, and [also] 
many data binding options," 
he explained. I 
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est in the platform." 

Microsoft publicized the 
DSP model at TechEd in June 
2008 when it disclosed its part- 
nership with IBM to develop a 
DSP for IBM's DB2 database. 



That project is ongoing. 

The DSP model was first 
implemented in Visual Studio 
Team Edition for Database 
Professionals for SQL Server, 
said Chris Menegay, a principal 



consultant for Notion Solutions 
and Microsoft regional director. 
Microsoft's DSP tools are 
currently hardwired to SQL 
Server, so customers wanting to 
follow those best practices for 



DB2, Oracle and other databas- 
es will not see Microsoft tool 
support, said Menegay. "There 
are a lot of customers using 
databases other than SQL Serv- 
er, and from an ALM perspec- 
tive, you want the same work- 
flows... [DSP] is there today, 
just no one is taking advantage 
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LEADT00LS Document 
Imaging v 1 6: 

by LEAD Technologies 

LEADTOOLS Document Imaging has every 
component you need to develop powerful 
image-enabled business applications including 
specialized bi-tonal image display and 
processing, document clean up, high-speed 
scanning, advanced compression (CCITT 
G3/G4,JBIG2,MRC, ABC) and more. 

• Multi-threaded OCR/ICR/OMR/ 
MICR/Barcodes (1D/2D) 

• Forms recognition/processing 

• PDF and PDF/A 

• Annotation (Image Mark-up) 
•C/C++, .NET, WPF - Win32/64 

programmers.com/lead 



! dtSearch Engine for Win & .NET 

Add dtSearch's "blazing speeds" 
(CRN Test Center) searching and 
file format support 

• dozens of full-text and fielded 
data search options 

• file parsers/converters for hit-highlighted 
display of all popular file types 

• Spider supports dynamic and static web data; 
highlights hits with links, images, etc. intact 

• API supports .NET, C++, Java, SQL and more; 
new .NET Spider API 

"Bottom line: dtSearch manages a terabyte of 
text in a single index and returns results in 
less than a second. " — InfoWorld 
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Pragma Fortress SSH 
— Secure Connectivity 

by Pragma Systems 

Pragma Fortress SSH provides a comprehensive 
secure connectivity framework for enterprise 
customers. 

Full-featured server, graphical clients and graphical 
management capabilities are all included. 

Pragma Fortress SSH provides: 

• GSSAPI Kerberos & NTLM authentication 

• Accelerated SFTP & SCP file transfer 

• Supports over 1 000 sessions 

• Runs console applications & allows history 
scroll back within the same session 

programmers.com/pragma 



i c-treeACE™ Professional 

: by FairCom 

\ The c-treeACE database engine is a high performance 

j database alternative proven by developers in mission 

I critical enterprise systems, desktop deployments, and 

I embedded devices for over 25 years. 

• Complete set of APIs including AD0.NET, 
C#, C/C++, ODBC, JDBC,VCL, and "" 

• Graphical productivity tools 

• Simple deployment 

• No DBA or ongoing administration 

• Low deployment licensing costs 

• Cross-platform support for all major platforms 
including Windows, UNIX, Linux, and Mac OS X 

i Make your applications faster, easier to deploy, 

i and more affordable with c-treeACE. programmers.com/faircom 
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FarPoint Spread 
for Windows Forms 

The Best Grid is a Spreadsheet. Give your users 
the look, feel, and power of Microsoft® Excel®, 
without needing Excel installed on their machines. 
Join the professional developers around the 
world who consistently turn to FarPoint Spread 
to add powerful, extendable spreadsheet solu- 
tions to their COM, ASP.NET, .NET, BizTalk Server 
and SharePoint Server applications. 

• World's #1 selling development spreadsheet 

• Read/Write native Microsoft Excel Files 

• Cross-sheet formula referencing 

• Fully extensible models 

• Royalty-free, run-time free 

programmers.com/farpoint 



Mindjet MindManager 8 

by Mindjet 

Do you harness the wealth of data, 
Web pages, and other input that comes 
your way every day? Is there a way to 
use it more effectively to formulate new 
ideas, sharpen your focus, and ultimately 
drive your success? New MindManager 8 
for Windows is the answer. 

Unlike the usual linear-based approach of 
most productivity tools, MindManager 8 
uses mind-mapping technology to let you 
capture, organize, and communicate 
information using an intuitive visual 
canvas. You'll be able to work smarter 
and transform your ideas into action 
more quickly. 
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$2 99- 99 

programmers.com/mindjet 



Paradise # 
M39 19201A01 

$242.99 



SlickEdit 2008 
for Windows 

by SlickEdit 

SlickEdit 2008 is a cross-platform, multi-lan- 
guage code editor that gives programmers the 
ability to code in over 40 languages on 7 plat- 
forms. This latest version builds on the compa- 
ny's 20 years of experience in enabling devel- 
opers and development teams to create, navi- 
gate, modify, build, and debug code faster and 
more accurately. 
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| Telerik RadControls 

I by Telerik 

: Add grid, combo, editing, navigation and charting 

! functionality to your AJAX and ASP.NET projects. 

RadControls for ASP.NET enhances your Web 

■ applications by adding AJAX functionality to your 

■ ASP.NET projects. The suite takes full advantage 

■ of the features included in Visual Studio 2005. 
RadControls for ASP.NET helps developers deliver 

I feature-rich, standards-compliant (WAI-A, WCAG 

1.0, XHTML 1.1) and cross-browser compatible 
! Web applications, while significantly cutting 
I their development time. RadControls for ASP.NET 

includes: RadEditor, RadTabstrip, Radlnput, 

RadCalendar, RadUpload, RadWindow, RadAjax, 

RadGrid, RadCombobox, RadMenu, RadSpell, 

RadChart, RadTreeview and more. «*—.——.« ,««, /t-i^iL 
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VMware View Premier 
Starter Kit 

View Premier is an Enterprise-class 
Desktop and Application virtualization 
suite that enables you to take control 
of your desktops and applications while 
providing storage optimization. The 
Starter Kit is the entry level solution 
that includes 10 concurrent user licenses 
of VMware Infrastructure Enterprise, 
vCenter Foundation, ThinApp, View 
Composer and View Manager. SnS 
is required and sold separately. 
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TX Text Control 14 

Word Processing Components 

TX Text Control is royalty-free, 
robust and powerful word processing 
software in reusable component form. 

•. NET WinForms control for VB.NET and C# 

• ActiveX for VB6, Delphi, VBScript/HTML, ASP 

• File formats DOCX, DOC, RTF, HTML, XML, TXT 

• PDF export without additional 3rd party 
tools or printer drivers 

• Nested tables, headers & footers, text 
frames, bullets, numbered lists, multiple 
undo/redo, sections, merge fields 

• Ready-to-use toolbars and dialog boxes 




Professional Edition 

Paradise # 

T79 02101A01 

$ 919 99 
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Enterprise Architect 7.1 

Visualize, Document and 
Control Your Software Project 
by Sparx Systems 

Enterprise Architect is a comprehensive, 
integrated UML 2.1 modeling suite 
providing key benefits at each stage of 
system development. Enterprise Architect 
7.1 supports UML, SysML, BPMN and 
other open standards to analyze, design, 
test and construct reliable, well under- 
stood systems. Additional plug-ins are 
also available for Zachman Framework, 
MODAF, DoDAF and TOGAF, and to 
integrate with Eclipse and Visual Studio 
2005/2008. 

programmers.com/sparxsystems 
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Multi-Edit 2008 

by Multi Edit Software 

Multi-Edit 2008 delivers, a powerful IDE, 
with its speed, depth, and support for 
over 50 languages. Enhanced search 
functions include Perl 5 Regular 
Expressions and definable filters. 
Supports large DOS/Windows, UNIX, 
binary and Mac files. File Sync 
Integration for: Delphi 6, 7, 2005, 
C++Builder 6, BDS 2006 and RadStudio 
2007,VB6,VC6,VS2003&VS 
2005. Includes file compare, code 
beautifying, command maps, and 
much more. 
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Microsoft responds to new security challenges with 



< continued from page 1 

products up. To balance security 
with its need to ship software, 
Microsoft tests new SDL 
requirements across the compa- 
ny before they become manda- 
tory, Howard said. "Lots of rigor 
goes into making a require- 
ment," he added. 

"I personally feel that Micro- 
soft has been doing a fantastic 
job in this area. In fact, I have 
high hopes that Microsoft will be 
pushing more of their secure 
design methods down into Visu- 
al Studio and its development 
processes," said Caleb Sima, 
cofounder and former CTO of 
SPI Dynamics. Hewlett-Packard 
acquired the company in 2007. 

Microsoft is in the planning 
stage for a new version of the 
SDL that will be released inter- 
nally later in the year, according 
to Howard. One of the main 
objectives in the revision is to 
marry the SDL with agile pro- 
gramming methodologies. 

"More products at Microsoft 
are being developed using agile 
methods," said Howard. "The 
downside is that some of the 



stuff in SDL can take a long time 
to come to fruition. You can't do 
that on every single sprint." 

"Sprint" is a term used in 
agile development to describe 
the period of time that it takes a 
team to increment usable soft- 
ware. "Incrementing" is the act 
of creating a new build on top 
of a previous version. 

"The SDL was originally 
designed for Windows, and it 
was slotted to the Windows 
timeframe and development 
methodology," said Howard. 
Fearing that it was incompatible 
with agile development, Micro- 
soft began its efforts to marry the 
SDL to agile on a small scale. 

Parts of Microsoft's develop- 
er division and the SQL Server 
product team have been exper- 
imenting with adapting the 
SDL to agile. Those teams were 
able to "bucketize" require- 
ments into easy, low-friction 
bundles that didn't slow the 
sprint, said Howard. 

One example of how teams 
adapted the SDL is how they 
handled threat modeling. 
Microsoft uses a threat model- 




Microsoft's Steven Lipner says that 
SDL requirements will be adaptable. 

ing tool internally to review the 
design and implementation of 
its software in order to deter- 
mine requirements for security 
features. 

"A threat model can take a 
month to build," Howard said. 
Instead of creating a full threat 
model, the teams documented 
components that they were cre- 
ating for each sprint, he 
explained. "It didn't impede any 
deliverables from any sprint, 
and the teams were happy." 

Additionally, SDL require- 



ments will vary with code and 
languages, another major factor 
in evolving the SDL to new 
computing styles and para- 
digms, said Lipner. "We opti- 
mize the SDL for new develop- 
ment models and processes." 

For example, the Windows 
Live team will focus more on 
SQL injections than buffer 
overruns. However different 
their products may be in form, 
Microsoft's product groups still 
have equivalent requirements 
and must follow the same veri- 
fication process that mandates 
the SDL, he noted. 

That has permitted the SDL 
process to become more auto- 
mated. "Originally the SDL was 
about questions; programming 
managers checked to see if 
things were done," said Lipner. 

Additionally, there is a train- 
ing requirement for engineers in 
software groups covered by the 
SDL. Microsoft engineers 
receive annual training on secu- 
rity considerations, and they 
were initially enrolled in live 
courses three to six times a week, 
Lipner said. Live training has 



since been reduced to special 
occasions, having been mostly 
replaced with online courses. 

"The next step for the SDL 
or something similar is broad 
acceptance in academia. We 
need developers trained on 
SDL and we need a special pro- 
gram for SDL testing experts," 
said Jon Oltsik, a senior analyst 
at Enterprise Strategy Group. 

Microsoft also updates the 
SDL to fill gaps so that vulnera- 
bilities do not resurface in other 
products. For instance, testing 
tools were updated in response 
to a flaw in how Windows han- 
dles animated cursor files. Said 
Howard: "The updated tools 
found it quickly." He noted that 
it is important that developers 
focus on extra defenses. 

"At the end of the day, the 
SDL is divided into two huge 
buckets: [getting] the code right 
and also knowing that we're nev- 
er going to be 100% correct," 
Howard said. While it is honor- 
able to focus on trying to get the 
code right, there is an inevitabil- 
ity of failure, he explained. 

In early February, self- 




Telling security stories 



Microsoft hopes its comics will prod its partners to think about security. 



BY DAVID WORTHINGTON 

Microsoft's Steven Lipner has 
"war stories" to tell. Lipner, 
who is Microsoft's senior direc- 
tor of security engineering 
strategy, was on the front lines 
as Microsoft was reeling from a 
battery of highly publicized se- 
curity incidents at the start of 
the decade, and he was charged 
with making its products more 
secure. 

The work that Lipner and 
his team did became the basis 
for the security assurance 
process that the company fol- 
lows today. 

Nearly eight years ago, while 
he was he director of the 
Microsoft Security Response 
Center, Lipner received a 2:00 
a.m. cell phone call alerting him 
to the spread of the Code Red 
worm. "We had to figure out 
what was happening [and] our 
response, and we cobbled 
together a removal tool to help 
people recover systems. It was 
ad hoc; there was lots of con- 
demnation and negative press," 
he said. 

Later, in the fall of 2001, 
which Lipner acknowledged 



was a "pretty awful year from 
the perspective of Microsoft 
and security," exploit scenarios 
for Windows Universal Plug 'n 
Play set off alarm bells all the 
way from Redmond to Wash- 
ington, D.C. Microsoft was in 
conference calls with Carnegie 
Mellon University's Computer 
Emergency Response Team, 
the FBI and the White House, 
he said. 

Following that incident, 
Microsoft "applied some effort" 
to improve the security of the 
Windows XP codebase, said 
Lipner. "We thought that we 
had made progress. Then The 
Seattle Times goes front page 
about an awful vulnerability in 
the new Microsoft operating 
system... It was a kick in the 
guts, and morale was not good." 

From that point on, Micro- 
soft mobilized to tackle its secu- 
rity woes. Company executives, 
including Bill Gates, engaged 
Lipner and his team to "deter- 
mine what could be done tech- 
nically to get ahead of its prob- 
lems," he said. 

Shortly thereafter, work 
began on what was the precur- 



sor of Microsoft's Security 
Development Lifecycle. The 
SDL is the software security 
assurance process that Microsoft 
follows as it develops software. 

Lipner's team took its cues 
from the .NET production 
team, which had effectively 
stopped development on the 
Common Language Runtime 
(CLR) before it shipped. In 
doing so, the team got the bug 
rate down to a "vanishingly 
small" amount, he said. 

By November 2001, Lipner 
decided that he would attempt 
to replicate the CLR team's 
efforts across 8,500 Windows 
developers, he said. "I tried the 
idea on my director, and he 
said, That might work,' and 
told me to work on a plan." 
Within a matter of weeks, and 
with some higher-level execu- 
tive engagements, it became 
evident that Windows develop- 
ment would freeze by Decem- 
ber, he added. 

Then it was up to the Win- 
dows component teams to pre- 
pare plans on what they were 
going to do, said Lipner. "The 
process pulled together, and we 
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revisions to its mandated SDL process 



declared sleuths uncovered two serious 
vulnerabilities in Microsoft's User 
Account Control security feature in Win- 
dows 7. The vulnerabilities, since correct- 
ed, would permit malicious software to 
turn off UAC or even to elevate its own 
privileges on systems where the user 
account had administrative access. 

Microsoft has redesigned UAC to run 
in a high-integrity process, meaning that 
malware would require elevation prior to 
changing the level of security that UAC 
provides. Lipner said that UAC is at the 
boundary between usability and security 



mitigation. "One thing you don't want to 
do is go too far toward security and away 
from usability; that may make someone 
turn the feature off altogether," he said. 

"I look at this and I say 'mistake,' and 
that is it. Not a fundamental flaw in 
their secure development process, 
which (by the way) is the most advanced 
process that any software company has 
to date," said HP's Sima. 

Sima predicted that there would be 
"black hat" talks demonstrating how a 
hacker could bypass Microsoft's security 
restrictions, but he said that what really 



matters is how much the number of secu- 
rity disclosures of Windows vulnerabilities 
has fallen since the days before the SDL. 

"Considering that the intellect of the 
hacker has gone up since then, and the 
market adoption is higher [while] the 
vulnerabilities are lower, [tell] me that 
Microsoft is on the right track. They 
may not be perfect, but I'm impressed," 
he said. 

There is a growing number of people 
who have the motive, opportunity and 
skills to attack, said Rex Black, president 
of Rex Black Consulting Services. 



FOUR THINGS TO KNOW ABOUT THE NEXT INCARNATION OF THE SDL 



Michael Howard, principal security program manager of the SDL Team, comments on what's in store for its next incarnation: 

SDL reguirements for agile are divided 
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The SDL process will evolve over the next 
i year— targeted areas are still under evalu- 
ation but may include guidance for using SDL 
in specific application deployment scenarios. 
This will likely include new offerings in all 
•four major thematic areas: process, train- 
ing, partners and tools. 
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design review and response plans. SDL 
reguirements do not always fall into every 
sprint. 

All threats discovered since the last SDL 



4. 



will be documented in the new version. 



Microsoft cannot comment in more detail at this time due to legal constraints, a spokesperson 
said. SLA items will be finalized for inclusion approximately 30 days before the new process is 
updated, but Microsoft's legal team will not let them commit to items in writing before that deci- 
sion is made because of liability reasons. 



"What we have seen over the last 
decade is nothing less than the whole- 
sale professionalization of computer 
crime, with the Internet as the highway 
that makes the modern-day digital high- 
wayman possible," he said. And with 
tens of millions of lines of constantly 
evolving code, it is just a matter of time 
until a defect slips by, he added. 

He explained that Microsoft and its 
software engineers must come to grips 
with the size, complexity and constant 
mutability of Windows — essentially play- 
ing a game of multidimensional chess 
against hackers. Another major current is 
environmental churn — changes in the 
technological environment in which the 
operating system exists — that may make 
it difficult for Microsoft to foresee 
threats that may not exist at the time the 
software is written, he said. 

"While the SDL can and should be 
part of the solution, the problem we face 
is one that absolutely will not submit to 
a single solution, no matter how well 
executed, especially when that solution 
is executed by fallible human beings in a 
situation that exceeds the complexity of 
anything we've built in 10 millennia of 
human civilization," Black concluded. 

Microsoft is under no pretense that 
the SDL is perfect, as Microsoft's 
Howard acknowledged. "Threats are 
constantly evolving, and it's important 
that we stay one step ahead of those 
threats," he said. I 



from the front lines 



stayed a step ahead of a mass of people." 
That work led to a US$200 million, two- 
month commitment to overhaul Win- 
dows security, which was originally slat- 
ed for just one month, he noted. 

Following the Windows XP security 
push, Lipner was asked to produce an 
independent security review for Win- 
dows 2003 Server. That led to 
Microsoft developing an internal secu- 
rity science capability, as well as the 
SDL final security review that is 
required before software ships out of 
Microsoft today, he said. 

The security review process was 
repeated for Microsoft Office Exchange 
Server and SQL Server, he said. "SQL 
was amazing. There were 30 vulnerabil- 
ities in the 2-to-3 years before the push, 
and just two or three in the 4-to-5 years 
afterwards," he said. 

Lipner and his team then proposed 
creating a formal SDL in 2004. Prior to 
the SDL, "I had a lot of 15-, 16-, 17-hour 
days," he quipped. 

In September 2008, Microsoft pub- 
lished the SDL as well as a model for 
adopting it. It also created a network of 
security professionals to take its SDL 
experience to customers, and it began to 
offer its threat modeling tools to help 
organizations review the design and 
implementation of their software in 



order to determine requirements for 
security features. 

"I am a big supporter and believer of 
SDL," said Jon Oltsik, a senior analyst at 
Enterprise Strategy Group. "Certainly 
Microsoft was under the gun to do 
something, and probably thought of 
SDL initially as a defensive move against 
some type of regulation or litigation." 
With SDL, Microsoft has trumped the 
software industry, he added. 

"I hear from more and more compa- 
nies that are catching up to where 
Microsoft already is," he said. 

Mike Gualtieri, senior analyst at For- 
rester Research, said that the SDL is 
comprehensive but overwhelming for 
most enterprise development shops. 

"Since SDL is probably a cost center, 
Microsoft has not promoted it as much 
as it should, and for the most part, devel- 
opers are not security savvy. I hope 
Microsoft will do more to make SDL vis- 
ible," said Oltsik. 

The most accessible portion of the 
SDL is Microsoft's Threat Modeling 
Tool, Gualtieri noted. "It is a very big 
step in the right direction because it is 
targeted towards developers... The 
Microsoft SDL Threat Modeling Tool is 
not a panacea, but it will open develop- 
ers to ideas to a side of security they nev- 
er before considered." I 
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In the cloud, need for governance becomes clear 



< continued from page 1 

ments, he said. At the same 
time, enterprises need to 
assume responsibility to ensure 
that mission critical business 
processes are safely supported 
by on-demand technology to 
minimize the loss of service and 
data loss, he added. 

"Governance in the cloud 
means the same as governance 
in SO A, except service level is 
1,000 times more important," 
said Ross Mason, CTO and 
founder of MuleSource. Devel- 
opers that consume third-party 
services through interfaces 
across the Web need to know 
about SLAs, he added. "One of 
the piece of [cloud] governance 
is to provide that crucial infor- 
mation." 

"Cloud computing begets 
good IT governance; a focus on 
IT governance leads you to the 
cloud," said Telford. If you are 
building a cloud, it will have 
the attributes of good gover- 
nance, such as financial visibili- 
ty into the cost of services and 
the ability to more accurately 
deliver on SLAs by taking con- 
trol over how resources are 




IBM's Ric Telford says that cloud 
computing and good IT governance 
go hand in hand. 

provisioned, he explained. 

"As IT organizations seek to 
adopt the benefits of cloud 
computing, it's important that 
they do it in a way that aligns 
with their own IT governance 
strategies," said Ariel Kelman, 
Salesforce.com s senior director 
of platform product marketing. 
Cloud adoption, he said, should 
be done in a way that does not 
disrupt but reinforces gover- 
nance processes. 



One of the unsung benefits 
of cloud computing is reintro- 
ducing the centralized control 
enjoyed during mainframe era, 
Kelman said. Some Salesforce 
customers are using the cloud to 
eliminate rogue applications in 
their organizations that can 
cause compliance issues, includ- 
ing databases and spreadsheets, 
he noted. 

Software-as-a-service and 
platform-as-a-service have huge 
potential for governing applica- 
tions, said Xactium CEO Andy 
Evans. Xactium produces a 
Salesforce-hosted service for 
managing corporate gover- 
nance, risk and compliance 
requirements. 

The cloud enables enterpris- 
es to provide central points of 
information for sharing and 
managing risk data, he 
explained. "When you turn a 
spreadsheet into a cloud appli- 
cation that is then part of multi- 
tenant platform, it becomes 
controllable and manageable by 
the IT department; data is 
accessible across the organiza- 
tion, or can be invisible." 

While the cloud may offer 



advantages in enforcing gover- 
nance processes, the onus is 
still on the developer to manage 
services from the easiest stages 
of development, Kelman noted. 

Customers should do some 
due diligence on development 
technologies that help maintain 
governance regardless of what 
environment they run in, said 
Kelman. Cloud databases still 
must have built in audit trails, 
he noted. 

Organizations that use cloud 
services also need a way to val- 
idate services and have rules 
and policies around users, said 
Michael Crandell, CEO and 
founder of RightScale, the 
developer of a cloud comput- 
ing management platform. 
Cloud server templates should 
be trusted enough to be 
launched predictably and auto- 
matically, and in that way, they 
become a tool for governance 
and compliance management, 
he observed. 

"As much as security is an 
open question in the cloud, in 
some ways it's easier to control 
what's going on in the cloud," 
Crandell said. 



On-demand vendors oper- 
ate a myriad of data centers that 
have extraordinary policies for 
redundancy and security, 
including physical security, 
which most enterprises lack, 
Beagle Research's Pombriant 
noted. "My reading of the mar- 
ket though is that big hacking 
stories have been about hackers 
getting into conventional IT 
departments that should have 
had very secure technologies 
and processes in place to secure 
customer data." 

However, he acknowledged 
that cloud services are most 
often used to handle front 
office data, and that the most 
sensitive information in the 
enterprise, such as consumer 
credit card data, still reside on 
internal servers. 

Some people think that it's a 
fad and don't have a cloud strat- 
egy, said IBM's Telford. "But 
when you are focused on IT 
governance and do the right 
things with architecture and 
strategy, you have basically built 
a cloud. Cloud computing is the 
evolution of optimized and well- 
defined IT infrastructure." I 
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Virtual bridges, 

from development to IT 



When agile becomes fragile, 
visualization can help bridge the gap 



BY ALEX HANDY 



For all their similar tendencies, 
software developers and systems 
administrators don't have a lot in 
common. Developers worry 
about timelines and agility. Sys- 
tems administrators worry about cost 
and control. But for both sides of that IT 
fence, virtualization technology is a hot 
issue, whether its in the test lab, on the 
developer desktop or on the server. 
Many of virtualization's proponents see 
the technology as a way to bridge the 
gap between operations and develop- 
ment. The path to that bridge, they say, 
is often through the test lab. 

It's in the test lab that the most pow- 
erful and thrifty benefits of virtualization 
can be quickly realized, said Roger 
Klorese, senior director of product mar- 
keting at Citrix. 

"When you look at the fundamental 
economics of what it takes to have 10 
developers working on five different sys- 
tems at once, the cost of spinning up 50 
servers to do that are prohibitive to a lot 
of development environments," said 
Klorese. He added that virtualization 
gives developers "the ability to spin up 
multi-tier applications and multi-node 
networks." 

Indeed, virtualized test environments 
save time and money, not to mention the 
many forms and hours spent requisition- 
ing equipment from IT operations. 

Another hidden benefit is from the 
continuity virtualization can bring to a 
support team. "A support organization 
can look at a given user's exact deploy- 
ment of a given application or a given 
group's exact configuration," said 
Klorese. "That really accelerates the 
support and remediation process." 

Derek Slayton, senior director of 
product management at Citrix, said that 
the move to virtualization in a test envi- 
ronment could warrant a major new job 
duty for someone on the team: virtual 
machine wrangler. "In a lot of cases, 
there's some upfront work that goes into 
it, but it certainly has a quick payback 
period in terms of efficiency," he said. 
"It has also given more self-service capa- 
bilities to those environments without 




having to involve operations." 

The new development team obliga- 
tion can be met with some old tactics, 
however, such as regression testing. 
New lab management tools from Citrix, 
Microsoft and rPath, for example will 
soon be available to assist with wrangling 
the virtual machines used in nightly 
tests. These management tools all 
include repository-like functionality for 
managing and storing the different iter- 
ations of virtual machines required for 
proper regression testing. 

CONTINUOUS DEPLOYMENT 

Virtualization's rise in the development 
environment comes part and parcel with 
its rise in the server farm. Dai Vu, direc- 
tor of virtualization solutions marketing 
at Microsoft, said that developers have 
traditionally driven virtualization adop- 
tion in large organizations. 

"I think before [developers] decide 
to adopt virtualization, they are proba- 
bly feeling some level of pain in devel- 
oping the application life cycle in a tra- 
ditional environment," said Vu. 



"There's got to be a big driver. I think 
virtualization enables a few things," 
such as flexible hardware resource allo- 
cation, snapshotting, library manage- 
ment and multi-machine configura- 
tion. 

Vu said that management of those 
virtual machines will eventually be 
added into the Visual Studio portfolio 
of products. He said that Microsoft 
plans to introduce a lab management 
tool sometime later this year, and that 
it will allow developers to categorize 
and manage the many virtual machines 
that accumulate in a test lab over time. 

Managing those virtual machines 
can call for some modern solutions, 
said Klorese. As of this writing, Xen 
was scheduled introduce its own test 
lab management solution in late Feb- 
ruary. 

"There's certainly a lot of thought 
that goes into the setup," said Klorese 
about virtual test labs. "There are some 
things you can do to make organizing 
that a lot easier. We can use custom 
fields and tags to say, This set of virtu- 



al machines runs this application, this 
belongs to this team or this project.' 
That makes it a lot easier to manage as 
those numbers go up." 

Brett Adams, vice president of engi- 
neering at rPath, said that virtual 
machine management can be simpli- 
fied even further by using an automat- 
ed application profiler. His company 
offers such a tool, which examines a 
running application, then determines 
what portions of the code and software 
are needed to run the entire operation. 
This slimmed-down operating system 
environment is then output as a virtual 
machine, ready for deployment. Adams 
said that this process can save time for 
the developer who's been tasked with 
building the hundreds of environments 
needed for regression tests. 

The trick, then, becomes to extend 
that time savings into the deployment 
side of the operation, said Jake Sorof- 
man, vice president of marketing at 
rPath. 

"There's typically an individual or a 
group that's responsible for deploy- 
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ment," said Sorofman. "That's the per- 
son who's being crushed by the pressure 
to deliver applications more rapidly and 
[by] the growing complexity of the tar- 
get environment those applications 
need to be deployed against. The itera- 
tive fast development cycles that 
require you to build, deploy and tear 
down for the purpose of test develop- 
ment are bringing that role to the brink. 
That's where we see most of the pain." 

THE VISUALIZATION BRIDGE 

Sorofman said that the gap between 
development and deployment is a big 
problem that virtualization may eventu- 
ally solve. 

"The challenge for developers is how 
does our agile development approach 
map into the next phase, from QA [to] 
development test, and ultimately into 
production?" said Sorofman. 

"We're living in that gap between 
what comes out of the continuous devel- 
opment process and what comes after. I 
think if you look at a lot of organizations, 
there's a blurry thing in the middle." 



The tough part is determining who 
should be responsible during deploy- 
ment, he said. "Is it development or QA? 
Is it a release manager, is it a member of 
ops, or is it one of each?" 

Sorofman said that virtualization is 
helping to clear this mess up. "On the 
application side, they're motivated by 
speed and flexibility," he said. "Those 
two concepts are completely lost to the 
folks on the ops side, who are focused on 
cost and control. Apps and ops really 
don't get each other, but this notion of 
cloud computing is really starting bridge 
the gaps." 

That's because cloud computing 
lends itself to prepackaged virtualized 
instances of applications. Because cloud 
computing necessitates virtualization, 
both development and operations are 
able to standardize on a single method 
of deployment: virtual machines stream- 
lined and ready to go. 

"One of the things that has become 
interesting to us," said Adams, "is devel- 
opment organizations that are saying, 
'Great, how do I get my applications up 



on Amazon's EC2, not for production, 
but for test?' We're seeing quite a bit of 
interest in Amazon, particularly as a 
development test platform. It's on- 
demand and low cost." 

VIRTUAL SERVICES 

One issue that arises when virtual tests 
enter the cloud, however, is that of SO A. 
When an application is tied into a net- 
work of services offered throughout an 
organization's internal network, how can 
they be added into a test environment? 
John Michelsen, CTO and founder of 
iTKO, said that this issue can be trou- 
blesome for large development projects 
inside and outside of the cloud. 

"In the real world, there's an airline 
in Dallas that has 1,500-plus regression 
tests that run on a nightly build," said 
Michelsen. "They spent three or four 
hours dealing with about 10% of those 
tests failing every night. The vast major- 
ity of the failures were false failures." 

Another major issue that can snarl a 
virtualized test environment is variance 
between a tested virtual machine and a 



deployed one. Andrew Cathrow, prod- 
uct marketing manager for virtualiza- 
tion solutions at Red Hat, said that his 
company is addressing this problem by 
offering a guarantee of virtual machine 
continuity. 

"If you certify on Red Hat Enter- 
prise Server Linux (RHEL), here's the 
set of APIs; we won't change that 
behavior in the life of that release. If 
they move from RHEL 5 to 5.3, they 
don't want to have to get the ISV to test 
on every patch we release. We're going 
to guarantee these releases," said 
Cathrow. 

"We extended that recently into vir- 
tualization. If you see a difference in 
behavior between a system and a virtu- 
alized system in a hypervisor, we treat 
that as a bug." 

Cathrow also said that Microsoft and 
Red Hat recently entered into an agree- 
ment to support each other's operating 
systems in virtualized environments. That 
means if a developer is having trouble 
with Windows running in a hypervisor on 
top of Red Hat, they can call Red Hat for 
support. This also works the other way, 
with Microsoft offering support for users 
virtualizing Red Hat on top of Windows 
in Hyper- V. 

THE ROAD TO REPOSITORIES 

The future of virtualization in the 
development environment is leading to 
repositories. As developers take on 
more virtual test environments, more 
work falls on the shoulders of the fel- 
low whose job it is to manage and 
develop all of those environments. 
Adams said that the move towards vir- 
tual machine repositories mirrors the 
move to version control systems in soft- 
ware development. 

"The repository approaches are 
important," said Adams. "One of the 
things that happened many years ago in 
software development was that we 
accepted [that] version control was good 
for us. Once you got that in place, it was 
just taken for granted. That same con- 
cept of bringing strong repository-based 
version control to everything down- 
stream of development — to the way 
things are assembled, to the way pro- 
duction instances are versioned and 
upgraded — should be a version control 
operation, not, Tush a few buttons and 
run a few scripts and cross our fingers.' 

"At our core, we have deep version 
control information at the heart of how 
we solve this problem. We think that's 
the answer. I don't think anyone with a 
development background would look at 
it strangely." 

That means more storage and more 
systems to control, but Adams said 
that, in the end, maintaining a single 
repository is simpler than maintaining 
an entire test lab of dedicated 
machines. And therein lies the promise 
of virtualization in the development 
world: fewer machines to manage, 
more tests to run. I 
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FROM THE EDITORS 

Strong governance 
and the cloud 

As enterprises consider baking cloud projects — either pilots or 
deployments — an essential ingredient is "governance." Consider all the 
aspects of risk management that are essential for governance. Those 
encompass everything from service-level agreements to backup plans, 
from version control to security from data migration to SOA integration. 

What level is the right level of governance for the cloud? What's the 
right definition of cloud governance? We believe that the best definition 
should be the one you already have. In other words, you should apply the 
same levels of governance to your cloud projects as you would to the 
same project as if it were hosted within your own data centers. 

Do not compromise your principles in order to jump onto the cloud 
bandwagon unless you truly are experimenting. Don't water down your 
governance principles and corporate directives to meet what the cloud 
provider offers. 

Expect cloud service providers to describe their security policies, and 
make sure that you're comfortable with them. Look for service-level 
guarantees with real teeth, not just a "we'll refund a prorated amount of 
your service fees" clause. 

Not only that, but do true due diligence evaluations on cloud hosts, just 
as you would with any other IT service provider. Remember, you're not 
buying software, you're buying services. Check references. Talk to cus- 
tomers. Get to know someone at the service provider beyond the sales rep- 
resentative (or the sign-up Web form). Find out where the data centers are. 

And don't settle for less than what you'd expect from any other service 
provider. Just because they're a huge industry name doesn't mean that 
they're the right service provider for your business. 

At the end of the day, the reasons for going with a cloud deployment 
are that it's a good financial deal for your company, or because the cloud 
offers you capabilities that you can't easily build yourself. Without gov- 
ernance, you, and the cloud providers, can't deliver on those benefits. 

Microsoft showed you theirs, 
so show us yours 

Kudos to Microsoft — again — for its approach to the Security Development 
Lifecycle. Over the past few years, the folks in Redmond have impressed 
us with their willingness to share their internal principles for writing secure 
software. Despite the conventional wisdom that all of Microsoft's software is 
buggy and insecure, the reality is that the company's code quality has steadily 
improved since the launch of its SDL initiatives. Has Microsoft won the bat- 
tle? No. But the SDL has made a difference. 

What impresses us about the SDL is Microsoft's willingness to share it. 
That's the type of transparency that's too often lacking in our industry. Soft- 
ware companies, especially those selling platforms, should be more open. 

Microsoft has shown that they use their principles for developing 
secure software. Here's a partial list of companies and organizations that 
should do the same: Adobe, Amazon.com, Apache Software Foundation, 
Apple, CollabNet, Eclipse Foundation, Free Software Foundation, 
Google, Hewlett-Packard, IBM, Intel, Linux Foundation, Nokia, Novell, 
Oracle, Red Hat, Salesforce.com, Software AG, Sun Microsystems, 
Sybase, TIBCO, VMware and Yahoo. 

Yes, that list includes open-source players. A claim frequently made (with 
good justification) by open-source projects is that the ability to see the 
source code means that bugs and security weaknesses can be identified. We 
believe you. However, we'd still like to see your documented processes for 
making sure that your software is being created with security in mind. 

If you work for one of those companies, send us your security develop- 
ment life-cycle documentation, or a link to where it's publicly visible to your 
partners and customers. Write to feedback@bzmedia.com. We're waiting. I 
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White box testing comes up short 



In his column ("When 100% code cover- 
age is not enough," Feb. 1, page 24), 
Andrew Binstock is correct that tradition- 
al code coverage measures address only 
instruction and/or the more demanding 
branches and path executions, without 
taking into account the numerous ways in 
which each can be executed. However, he 
misses the bigger, more important failings 
of white box structural code coverage 
metrics: They have nothing to do with 
whether the code is right, and since they 
reflect only what has been written, they 
are irrelevant for anything omitted from 
the code. To be meaningful, such cover- 
age metrics must be taken in the context 
of adequate black box functional testing. 
Robin F. Goldsmith 

WEAK LINK 

Regarding your News On Monday 
"Linkapalooza" item from Feb. 9: "Reg- 
ular expression matching can be fast and 
simple." 

This article about NFA and DFA 
implementations of regexps has been 
discussed at length, including considera- 
tions from the core Perl team responsi- 
ble for regexps. 

I don't think they'd quite call it a troll, 
but the reason that Perl (and others) use 
an NFA rather than a DFA approach is 
because "while DFA engines have a very 
good worst case match time, they don't 
actually have too many other redeeming 
features," and, "So there will be classes 
of patterns that NFA will not do well, 
but on the other hand there are patterns 
that a DFA cannot do at all, which is less 
useful than doing them slowly." 

See the start of the discussion at 
tinyurl.com/2tkxwx and at tinyurl.com 
/cjf7gt in particular (demerphq is, I 
believe, in charge of regexps in Perl). 

Unfortunately the article comes up 
regularly and the rebuttals less frequently. 

Tim Meadowcroft 



COMMENTS FROM 



Larry, I love how you end this ("Qual- 
ity: You are gonna need it" March 1, 
page 33): "Quality is the route to pro- 
ductivity. If you need productivity, you 
need quality. Quality can be improved 
with a balanced emphasis on code 
production, testing and design. You're 
gonna need all those things." 

We are rabid about code quality at 
NCover. Bad products sap the morale 
of the programmers who have to get 
involved to fix them. Here is one thing 
that we have noticed: Most developers 
don't want to write bad code; they just 
plan for any other option... 

Daniel Waldschmidt 

[In regards to the Feb. 4 issue of the 
SP Tech Report newsletter, "Share 
Pointers: Yes/No fields aren't your 
friends"] As a database programmer, I 
would disagree. In fact, I would say 
that the CQWP [Content Query Web 
Part] is not performing as it should and 
thus should be changed. In my opin- 
ion, data fields should reflect, as close- 
ly as possible, the data type stored 
within. You wouldn't use a varchar 
field to store timestamps, and you 
wouldn't use a decimal field to store 
integers. Why use an xxchar field to 
store bit values? I would humbly 
accept someone telling me that I'm 
wrong. 

"Brian" 

WHAT DO YOU THINK? 

SD Times welcomes feedback. Letters should 
include the writer's name, company affiliation 
and contact information. Letters become the 
property of BZ Media and may be edited for 
space and style. Send your thoughts to 
feedback@bzmedia.com. 
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Adobe received the highest rating among companies with RIA platforms in Gartner's 
"MarketScope for AJAX Technology and RIA Platforms" survey, scoring the only "Strong 
Positive" rating. The companies, which included Google, Microsoft and Oracle, were rat- 
ed based on market adoption and platform features, among other criteria. 
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A discontinuous jump 



For an engineer, creating a dishwash- 
er is more fun than washing dishes. 
Creating a car to take you places is more 
exciting than walking or running. Creat- 
ing a factory to assemble cars is an even 
more interesting challenge than assem- 
bling cars. 

The drive to create new and 
improved tools is an innate 
part of the human condition, 
hard-coded into our DNA. We 
are never quite happy with the 
current state of affairs and are 
always looking for ways to cre- 
ate new tools that minimize 
our labors and maximize our 
wellbeing, relaxation and 
recreation. 

The historical timeline for 
our tool capabilities progresses 
through continuous and incre- 
mental improvements, with an occasion- 
al discontinuous jump . That term comes 
from calculus where, for our tool exam- 
ple, a smooth increasing graph reaches a 
point of discontinuity, makes a vertical 
stair-step jump, and then continues 
again as a smooth increasing graph. Dis- 
continuous jumps in the context of tools 
arise from pivotal discoveries that lead 
to paradigm shifts. 

Archeological indicators of discontinu- 
ous jumps in tools can be seen in the con- 
centric fortifications around ancient cities. 
Smaller inner walls are circumscribed by 
taller and thicker walls, then encircled by 
huge earthen embankments and trench- 
es. Each concentric layer demarcates a 
point in time where there was a discontin- 
uous jump in the tools of war that ren- 
dered the previous fortifications obsolete. 

Most software engineers — at least 
those not yet of retirement age — have 
never experienced a discontinuous jump 
in our tools and methods. Good news: 
That situation is at long last about to 
change. 

The software engineering field has 
exhibited a rather monotonous timeline 
of continuous and incremental improve- 
ments in our tools and methods, with 
only one notable discontinuous jump in 
our 60-plus-year history. That event 
occurred over 50 years ago, when high- 
level languages and compilers supplanted 
low-level binary and assembly language 
programming to reduce the program 
statement count by approximately a fac- 
tor of 20, and software delivery time and 
effort by approximately a factor of 5. 

Of course, this rather mundane reali- 
ty hasn't dampened the spirits of our 
marketing teams. They are still having 
their fun with claims of order-of-magni- 
tude improvements. But if you look 
beyond the anecdotal evidence and indi- 
vidual case studies, the software field 
has not experienced an across-the-board 
discontinuous jump since the advent of 
Fortran and COBOL compilers. 




In his widely cited article, "No Silver 
Bullet: Essence and Accidents of Soft- 
ware Engineering," Fred Brooks argues 
convincingly that the lack of discontinu- 
ous jumps in software engineering is a 
predictable and fundamental characteris- 
tic of creating software. Although we 
expect continuous incremental improve- 
ments in the way we express 
problems that we solve with 
software, Brooks argues that 
the complexity of these prob- 
lems remains relatively con- 
stant — and very high. We can 
never reduce this essential 
complexity, and it determines 
the lower limit on how quick- 
ly we can express a solution 
through software. 

In spite of Brooks' 1987 
prediction, two forces are at 
play today in creating a new discontinuous 
jump in software engineering. The first of 
these forces is in the problems we are 
asked to solve. It is in the prevalent 
demand for most software and software- 
based system companies to create and 
maintain larger and larger product lines — 
portfolios of similar products with varia- 
tions in features and functions — rather 
than just individual one-of-a-kind prod- 
ucts. Using traditional development tools 
and methods, the complexity of develop- 
ing a product line grows proportionally to 
the square of the number of products (or, 
order-of-N 2 ). As a result, the complexity of 
engineering our expanding product lines 
is outpacing the linear incremental 
improvements of our software tools and 
methods. 

The second of these forces is in a new 
approach in software tools and methods 
for engineering product lines, referred 
to as software product lines. A new gen- 
eration of SPL tools and methods has 
constrained the complexity of creating 
and maintaining a product line from 
order-of-N 2 to a linear order-of-N. The 
result is a consistent twofold to tenfold 
improvement in software development 
metrics like productivity, defect density, 
time-to-market and portfolio scalability. 
In other words, a discontinuous jump. 
This raises a few important questions. 
In light of Brooks' longstanding pre- 
diction that we wouldn't see such an 
across-the-board discontinuous jump of 
improvement in software engineering 
tools and methods, how is this possible? 
There is an implicit assumption in 
Brooks' argument that the complexity of 
the problems we solve with software will 
evolve slower than the capabilities of the 
tools we use to solve them. The expand- 
ing product line problem, with its order- 
of-N 2 complexity growth, invalidates this 
assumption, inducing a rapid increase in 
a new type of complexity for most orga- 
nizations and opening the door for piv- 
otal discoveries and innovations. 



What is the key ingredient of an SPL 
solution that allows for the dramatic 
reduction in complexity compared to 
traditional software tools and methods? 
Traditional approaches and even early- 
generation SPL approaches tend to take 
a product-centric view, where every 
defect fix or requirement enhancement 
on any product in a product line may 
need to be reflected similarly in other 
products in the line. This interdepen- 
dency among all products leads to the 
order-of-N 2 complexity. 

New-generation SPL tools approach 
a linear order-of-N complexity by 
exploiting a manufacturing approach to 
creating and maintaining a product line. 
It is very similar to engineering a single 
automated production line for automo- 
bile manufacturing. The assets that com- 
prise the products, and the automated 
production tools that assemble and con- 
figure the products, are engineered as a 
single system rather than a multitude of 
products. The products themselves are 
demoted to a secondary side effect of 
the manufacturing system. 

A defect fix or enhancement intend- 
ed for any particular product is per- 
formed on the entire system of assets as 
well as the automated production capa- 
bility, such that they can be automatical- 
ly applied to any or all products. You can 
eliminate the order-of-N 2 relationship 
between products by taking this single- 
system perspective. 

As a colleague once observed, the 
right point of view saves 20 points of IQ. 

The exciting thing about discontinu- 
ous jumps is that they open up new fron- 
tiers, offering new possibilities and chal- 
lenges that could not even be conceived 
of in old paradigms. What new chal- 
lenges and opportunities lie ahead in the 
new frontier of SPL engineering? 

As the civil engineers who built the 
ancient cities did, the first thing to note 
is that paradigm shifts can be used 
against you as well as to your benefit. 
The first challenge you see may come 
from your competitors who make the 
shift before you do. 

Another challenge is that organiza- 
tions do well with continuous and incre- 
mental improvements, but may not with 
paradigm shifts. This is particularly true 
in software engineering since we haven't 
experienced discontinuous jumps, and 
therefore we haven't established a cul- 
ture that is accepting of paradigm shifts. 

I'll leave it to your imagination as to 
how your business and engineering 
organization could take advantage of a 
discontinuous jump that offered you 
two- to tenfold improvements in pro- 
ductivity, reaction time for new market 
opportunities, portfolio size and product 
diversity. What if the scale, scope and 
diversity of your product line were only 
limited by the imagination of your orga- 
nization rather than by the capacity of 
your engineering team? I 

Charles W. Krueger is founder and CEO 
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The Oslo Piece O'Codes 



"0 



slo" is the codename for Microsoft's 
ambitious model-based develop- 
ment platform. The idea, in the broadest 
strokes, is that software teams don't 
develop high-level tools specific to their 
domain. We work on the same core sys- 
tem for years, but changing a rule still 
requires a programmer to go in, balance 
the brackets, put the semicolons in the 
right place, fire up the build script for 
the entire system, work the unit-testing 
framework, and so forth. Or we 
approach a new system and find our- 
selves redeveloping the same objects 
and relationships that we know to be 
important to the domain. 

It's difficult to talk about this level of 
abstraction without uttering a phrase 
about "business analysts writing rules 
directly," but that type of phrase brings 
with it a freight train of baggage. To cut 
to the quick: Microsoft understands that 
creating a software system requires a 
trained and specialized mentality. The 
failure is not that there are programmers 
involved, it's that the programmers 
aren't taking advantage of the patterns 
and vocabulary of their domain. 

If you're doing once-in-a-few-years 
reasoning about security transactions or 
the network, a general-purpose lan- 
guage is the best way to express that 
solution. But if you work for a widget 



manufacturer, you should have addition- 
al ways of reasoning that involve widgets 
and sprockets and other domain issues. 

One attempt to avoid the "no pro- 
gramming necessary" confusion comes in 
the phrase "software factories." (Those 
wishing to score points for their debate 
team could argue that the phrase is not 
entirely baggage-free, as it was 
also used in the early 1990s to 
describe a style of develop- 
ment favored by Japanese 
business that failed to produce 
anything noteworthy except, 
arguably, the low-cost, low- 
quality contract- Web-develop- 
ment industry.) 

As it's used today, though, a 
"software factory" is intended 
to evoke the idea of a product 
line: companies producing slightly differ- 
ent versions of their software for different 
clients or partners, or that find them- 
selves building "this year's model" that's 
different in important ways. But they 
build with chunks of functionality that are 
reused from the previous versions, solu- 
tions that don't need to be reinvented. 

In this context, one of the hotter top- 
ics is the creation of domain-specific lan- 
guages. DSLs are specialized "little" lan- 
guages that provide, within their limited 
scope, huge advantages. The first visible 
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pieces of Oslo are M, M Grammar and 
Intellipad, which are tools for creating 
DSLs. "The goal of Oslo is to provide a 
[tenfold] productivity gain across the 
application life cycle," says the Oslo 
Developer Center, and it's true that a 
DSL can achieve great things. 

Recently, for instance, I had a client in 
a domain where a particular 
legacy text-based report is a 
de facto standard. The data in 
the report was used at differ- 
ent times for different purpos- 
es, and different partners had 
specialized codes and so forth. 
By writing a parser for it, we 
transformed it into a tree-like 
data structure that we could 
then manipulate in different 
ways. While this is a somewhat 
unusual scenario for a DSL, it's a con- 
crete illustration of the huge wins that 
can be achieved (directly responsible for 
a sharp reduction in development costs, 
millions of dollars in new transactions, 
and the acquisition of new clients). 

On the other hand, you don't need the 
Oslo tool chain to write DSLs. To claim a 
tenfold productivity boost over a hand- 
written parser is spurious; this is like a 
programming language boasting of being 
more productive than assembly language. 
No one hand-codes parsers unless they're 



undergraduates or incredibly competent. 

The question isn't whether Oslo is 
ten times better than hand-coding a 
DSL, it's whether it's ten times better 
than coding a DSL using tools like Yacc, 
Bison or ANTLR (my favorite), or in a 
language such as Scala, F# or OMeta. 

I'm impressed by M, which is used for 
manipulating type information. It's 
approachable and flexible, and I like the 
decision to store type information in a 
repository. M Grammar, which is used to 
specify syntax, is straightforward (as these 
things go), but it struck me as less flexible 
than ANTLR. IntelliPad, the develop- 
ment environment, is clearly an interim 
tool; it's actually wonderfully functional 
but is driven by the subversive concept of 
editor modes and command keys (it's like 
a gateway drug to emacs). 

In short, the M tools are a perfectly 
serviceable modern parser toolkit and 
seem to be a fine foundation for growth, 
but there's nothing that is self-evidently 
revolutionary to them. 

Perhaps the upcoming DSL DevCon 
will see the unveiling of new tools. In the 
meantime, a DSL may give you that 
order-of-magnitude win, although only 
in fairly uncommon situations. Even as 
one who's always looking for a DSL- 
based solution, I think those situations 
only come along once every few years. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer Read his hlog at 
www. knowing, net. 



Fusing a coherent Oracle 



When Oracle bought BE A Systems 
last year, many pundits viewed the 
purchase as a good move if Oracle could 
put together a sound strategy for inte- 
grating the various pieces BE As product 
portfolio into something useful. There 
was no doubt it made sense to fill out the 
DBMS and SOA story with a full-blown 
enterprise Java EE server and a wide 
assortment of well-regarded middleware 
from BE A. The strategic benefit of the 
move was to give Oracle a far more com- 
pelling story with which to battle IBM. 

Prior to the acquisition, Oracle's Java 
EE server was OC4J, a nimble server with 
a small footprint but lacking the creds of 
enterprise capacity. In BE As Web Logic 
offering, Oracle acquired a server that was 
better head-to-head than IBM's Web- 
Sphere. Not only is Web Logic faster in 
terms of performance, it's also consistent- 
ly earlier in adopting key standards. 

Another component in the stack that 
Oracle lacked, compared with IBM, was 
the JVM. JVMs are widely underappre- 
ciated as contributors to performance, 
and they carry an extraordinarily high 
bar to entry. Acquiring one of the three 
proven commercial JVMs was a coup in 
itself. However, the BE A JVM, called 
JRockit, is in a class by itself compared 
with its two competitors. 



To wit, effectively every third-party 
server vendor runs its SPEC benchmarks 
using JRockit, and like WebLogic, the 
JRockit JVM is an adopter of new stan- 
dards and architectures. For example, it 
was the first 64-bit JVM to be released for 
the Intel EM64T/AMD64 architecture. 

But what really sets JRockit apart is 
incremental garbage collec- 
tion (GC). In the other JVMs, 
GC is non-incremental: It 
occurs at unpredictable 
moments and can last for 
indeterminate times, during 
which the JVM can do little 
other work. As a result, those 
JVMs are highly unpre- 
dictable in terms of actual 
performance. 

JRockit does constant, 
incremental GC so that its 
performance is much closer to a deter- 
ministic model. This predictable perfor- 
mance is a desirable attribute in 
absolute terms, but invaluable for IT 
departments under the gun to deliver 
against tight SLAs. 

With JRockit and WebLogic, Oracle 
acquired the core elements of a stack 
that in most ways is better than IBM's. 
However, BE A had the same stack when 
it was an independent company. And 
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while it was successful with these ele- 
ments, it did not enjoy a huge market 
share advantage over IBM. But Oracle 
has one more bullet in its belt: the 
Coherence cache, which it gained when 
it snatched up Tangosol in 2007. 

Coherence is a large-scale, distrib- 
uted, in-memory cache. Because of this 
architecture, it's perfectly 
suited to grid applications. 
Coherence sits as a layer 
above the hardware, caching 
data and providing excellent 
data locality. Moreover, it has 
built-in fault tolerance, so 
nodes can go dark, come back 
to life and find the resources 
they need quickly. By favor- 
ing the grid approach rather 
than the cluster, Oracle takes 
another page from IBM and 
improves on it. The Coherence layer, 
from what I know of IBM's product line, 
does not have a direct counterpart in Big 
Blue's arsenal. 

With the deterministic JVM, the 
fastest Java EE server on the market and 
the Coherence layer, the so-called Ora- 
cle Fusion Middleware stack, is certain- 
ly the fastest infrastructure available 
today. 

It's also part of a larger, remarkably 



integrated stack: Below it is Oracle Lin- 
ux, beside it is the Oracle DBMS, and 
above it are Oracle apps from the Siebel, 
PeopleSoft and JD Edwards acquisi- 
tions. Even Microsoft can't deliver such 
depth and breadth, and it is the only oth- 
er player who comes close. And honest- 
ly, almost every direct point of compari- 
son tends to favor Oracle. 

The aspects that are uniquely IBM's 
include hardware, of course, and its 
superior mainframe support. In addi- 
tion, IBM has a much more substantial 
professional services arm. These are for- 
midable revenue generators. Also, the 
hardware line of business and the ser- 
vices organization mean that IBM's sales 
teams often have the first crack at new 
installations. Hardware is an advantage 
Oracle cannot overcome, and even the 
professional services organization would 
be difficult to duplicate by acquisition, 
although not impossible. 

To win, Oracle must do what it has 
done: compete on the basis of superior 
technology and present the most integrat- 
ed software possible, so as to capture the 
maximum benefit from existing accounts. 
What impresses me the most about Ora- 
cle's execution on this strategy is that it has 
put it all together over the last few years. 
Five years ago, the Redwood Shores com- 
pany was a DBMS vendor with a few 
enterprise apps. Not anymore! I 

Andrew Binstock is the principal analyst 
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APPLE HAS CREATED a new software 
marketplace with its iTunes App Store. 
Thousands of developers, some corpo- 
rate, some independent, have found a 
huge opportunity in 
writing software for the 
iPhone and the iPod 
Touch. There are more 
than 20,000 applications 
in the store. About 20% 
of the applications are free, and nearly 
all of the rest are priced really low, often 
at around US$1.99. 

Impressed by the success of the iTunes 
App Store, other players, like Palm, 
Microsoft, Nokia, RIM (which makes the 
BlackBerry) and Symbian, are setting up 
similar captive marketplaces for mobile 
applications. 

Is this success story as incredible as it 
may seem? Usage patterns suggest that 
this may not be so much of a win from 
the customers point of view, and therein 
lies a cautionary tale. 

According to a statistical study of 
more than 30 million iTunes App Store 
downloads, analytics firm Pinch Media 
reported that customers stop using new- 
ly acquired iPhone or iPod touch appli- 
cations fairly quickly. 

For example, fewer than 20% of peo- 
ple who download a free application con- 
tinue using it the next day. The usage 
time drops by about one third in the first 
month after use. After a month, usage 
declines to about five minutes per day. 

Now, that's just one data point. How- 
ever, it's worth thinking about how sus- 
tainable this marketplace will be over 
the long run, as there are more and 
more applications to choose from and 
customers get over their initial "I want 
to download everything!" euphoria. 

— Alan Zeichick 

IT MAKES SENSE for Microsoft to use 
the same codebase for its desktop OS as 



well as its devices, and internal docu- 
ments reveal that it may just do that. It 
won't happen anytime soon as Windows 
CE development is ongoing, but 
Microsoft is pondering the advantages 
going forward. 

Microsoft's Midori OS incubation 
project may be the basis for its mobile 
OS. Apple successfully branched the 
source code of Mac OS X to create the 
iPhone; Microsoft can do it too. Devel- 
opers would benefit from not having to 
target more than one codebase, and it 
would be easier for Microsoft to update 
one OS instead of maintaining two. 

— David Worthington 

THE WHOLE INCIDENT with Michael 
Phelps a few weeks ago brings up an 
interesting issue around the explosion of 
pocket-sized media. With cell phone 
cameras and digital cameras that take up 
less space than your wallet popping up in 
nearly everyone's grasp, people, and not 
only public figures and celebrities, need 
to be very much aware of their surround- 
ings in ways they didn't have to even be 
five years ago. 

You never know who will 
be snapping a photo of you 
at that party or while taking 
part in some other form of 
debauchery. Before the rise 
of digital technology, people didn't know 
how good they had it. High school 
seniors didn't have to worry about blow- 
ing their chances at a certain college 
because of a picture taken at a party. 
And I wonder what sort of photos would 
fall into the hands of the press or be 
popping up on the Internet if someone 
were to slip a cell phone camera into 
parties thrown by the 1986 New York 
Mets or by 1980s rock bands. 

— Jeff Feinman 

AS THE STOCK MARKET slowly dis 
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integrates before our eyes, it's hard to 
remember that these trying times are 
often the most lucrative from a business 
perspective. Sure, there's not much 
money to go around, but if you've got a 
pet budget-trimming project, now is the 
time to push for it with all of your might. 
Moving QA into the cloud, cutting down 
on server maintenance through software 
upgrades, or even removing the free 
sodas from the break room are all the 
sort of tough-to-do 
projects that might ^ ■ 
finally be accept- 
able to your boss- 
es. 

Of course, if 
you've got any kind of entrepreneurial 
blood in you, it might also be a great time 
to find some friends and start that compa- 
ny you've always dreamed of. After all, 
there's a lot of great talent out there look- 
ing for work. It seems there's always a 
good angle that can turn this economic 
tragedy into opportunity. 

— Alex Handy 

NALPEIRON, A PERVERSION of the 

name of a fictional gas planet on the out- 
skirts of Jupiter, is a company that's call- 
ing its hosted software activa- 
tion/registration system "the 
Salesforce.com of software licensing." 
John Gillespie -Brown, the CEO and 
founder of the company, calls other soft- 
ware-based copy protection companies 
"a bunch of insurance salesmen." 

So his company has created what it 
calls the Active Marketing Suite, a plug- 
in to the licensing service that tells an 
ISV when a customer is actually using a 
software trial, so a company can time its 
sales calls, help messages and special 
offers to the moment the program is put 
in use. Only with a centralized system 
such as this can a software company 
match its communication to actual acti- 
vation and usage. And that's a great ben- 
efit to those of us who download soft- 
ware but don't install it and use it for a 
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Coghead has sold its Web application development intellectual 
property to SAP. According to SAP executives, Coghead's tech- 
nology will be used internally and will not be marketed as a 
standalone product. Coghead lets users create Web applications 
without advanced coding knowledge. Terms of the deal were not 
disclosed . . . Rally Software has raised US$8 million in a cred- 
it facility from Square 1 Bank. Rally executives said that the 
financing will go toward continued efforts to grow the company 
and its agile software. Rally is backed by Mohr Davidow Ven- 
tures, Boulder Ventures, Mobius Venture Capital and Vista 
Ventures . . . Wind River has signed an agreement to acquire 
Tilcon Software, a provider of software for creating and deploy- 
ing graphical user interfaces for embedded devices. Wind River 
will pay approximately US$3.5 million in cash. Wind River exec- 
utives said they expect Tilcon's GUIs to enhance the value of 
Wind River's VxWorks development and runtime platform, as 
well as Wind River's Linux software platforms. 



EARNINGS: Business management software provider Alfabet 
reported an 80% revenue growth in 2008 compared to 
2007, and its earnings before interest, taxes, depreciation and 
amortization grew by 152% during that period. The company did 
not release exact figures because it is privately owned . . . MKS 
announced year-to-date revenue of US$44.8 million, a 12% 
increase from $40 million in the same period a year before. 
MKS' fiscal year ends April 30. The company also reported 
fiscal 2009 third-quarter revenue of $13.2 million, an increase 
from $12.8 million in the same quarter a year before. Quarterly 
ALM revenue increased 5% to $11.6 million from $11 million 
. . . Salesforce.com reported revenue of US$1,077 billion for the 
full fiscal year 2009, an increase of 44% from the prior year. 
The company also reported $289.6 million in its fiscal fourth 
quarter ending Jan. 31, 2009, an increase of 34% on a year- 
over-year basis and an increase of 5% on a quarter-over-quar- 
ter basis. I 
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Studio for Silverlight 

Produce limitless RIAs: state-of-the-art Silverlight controls 

Find the Silverlight 2 control you need to build rich data apps: 

largest selection of Silverlight controls including unique controls 
like animated GIFs, spell-checking, file uploader, and more 

Increase functionality with a small footprint: average control 
size of 77KB (XAP size) eliminates the need to worry about adding 
to the size of the download 

Get ahead of the pack with access to the best resources: 

1 5+ samples with source code for quick learning 

Runs everywhere and does everything: no need to worry 
about HTML or JavaScript compatibility on the Web 



Studio Enterprise 2008 v3 delivers 
exactly what you need to produce next- 
generation Uls for the Web. 



StudioforASP.NET 

AJAX-enabled controls for desktop-like experience on the Web 

Build lightweight, high-performance Web apps: 

3x smaller footprint, 1 0x faster performance 

Deliver Web apps with guaranteed compatibility: 

Web apps perform across all popular browsers 

Style and animate your Web Ul without coding: 

dozens of built-in visual styles & animation effects 

Studio for iPhone 

Build Web apps that look and feel like the native Ul of the iPhone and iPod touch 

Develop without the hassle of learning a new technology: 

Studio for iPhone controls are built on the familiar ASP.NET Framework 
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ComponentOne 

Studio 
Enterprise 2008v3 

GET STARTED TODAY download your free trial @ 

www.componentone.com/amazingweb 
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WinForms 



ASP.NET Silverlight iPhone Mobile ActiveX 
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ComponentOne Sales 

1 .800.858.2739 or 1 .41 2.681 .4343 
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1987-2009 ComponentOne. All ngr 

of Apple Inc. All other product and brand names are trademarks and/or 

registered trademarks of their respective holders. 



Advanced Digital Dashboards Require 
Advanced Data Visualization 
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Data Visualization 
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Available for Visual Studio 2008 & SQL Server 2008 Reporting Services 

Build Custom Executive Dashboards With Data Visualization Solutions From Dundas! 

As the leader in data visualization solutions for .NET, SharePoint 2007 and SQL Server Reporting Services 2005 & 2008, Dundas offers the latest 
award-winning chart, gauge and map technologies. See why Fortune 500 companies around the globe trust Dundas to create advanced custom 
dashboard applications. 

For customers requiring additional assistance, Dundas Consulting offers unmatched expertise and experience in creating and optimizing digital 
dashboards and their supporting infrastructure. Our team of highly specialized software consultants and graphic artists can help you jump start 
your dashboard initiative, build your complete system or simply advise you on all the tasks associated with bringing a dashboard system to life. 

To see for yourself how Dundas products can improve your applications, download full evaluation copies of Dundas Chart, Gauge and Map from 
www.dundas.com/downloads. 
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Chart Gauge Map 



Available for: 



[ 



SharePoint 2007 



.NET 



SQL Server Reporting Services 



Microsoft 

GOLD CERTIFIED | Data Management Solutions 
Partner 



www.dundas.com 

Microsoft, SharePoint, SQL Server and Visual Studio are registered trademarks of Microsoft Corporation in the United States and/or other countries 



www.dundas.com 
info@dundas.com 
(416)467-5100 



Advanced Data Visualization for Microsoft® Technologies 



